Complete.Org: Mailing Lists: Archives: discussion: February 2002:
[aclug-L] Re: Looking for suggestions

To: discussion@xxxxxxxxx
Subject: [aclug-L] Re: Looking for suggestions
From: Donald King <donald@xxxxxxxxxxx>
Date: Sat, 23 Feb 2002 12:56:52 -0600
Reply-to: discussion@xxxxxxxxx

On Fri 22 Feb 2002 03:14, Matt Pankratz wrote:
> Greetings,
>
> I'm looking for some suggestions concerning an SMTP project I'm working
> on.
>
> I'd like to implement an SMTP gateway with the following functionality:
>
> Virus Protection / Scanning
> Content Filtering
> Spam Filtering
>
> I've had experience with this in the past but with traditional commercial
> software.  I'd like to be able to do a cost analysis between the two and
> present it.
>
> I've done a bit of research on some of the available open-source software
> packages.  But I'd like any input / experiences that might be out there.
>
> I'd like to stay with SendMail for the MTA because I'm familiar with it
> and it seems to have good support and security.
>
> What I am not familiar with is the Virus Protection / Filtering side of
> things.
>
> Thanks in advance for any input.
>
> Matt Pankratz

Sendmail needs a local delivery agent to put mail into mailboxes, and 
Procmail is the most commonly used.  Procmail itself has a lot of powerful 
features for creating spam filtering rules; if you have it installed, try 
reading "man 5 procmailrc".  Building a good anti-spam Procmail ruleset 
that minimizes both false positives and false negatives takes time and 
effort, but there are some projects out there to create a good anti-spam 
ruleset to start from.

Also, Sendmail has some nifty anti-spamming tools available.  The access_db 
feature can be quite handy, because it outright bounces messages from any 
unsavory domains which you specify.  Add "FEATURE(access_db)dnl" to your 
sendmail.mc, re-build it into sendmail.cf, then add lines of the following 
form to /etc/mail/access:

        pm0.net<tab>ERROR:5.7.1:550 We don't accept mail from spammers

For sendmail to recognize your access_db, you will have to makemap it (e.g. 
"makemap hash access < access" from /etc/mail) whenever you change the text 
file.  You can also enable one or more of the various DNS-based spam 
blacklists, using lines like "FEATURE(dnsbl,`bl.spamcop.net')dnl".

For content filtering, I'm currently working on a project that acts as a 
filter in Procmail.  It currently uses Perl's MIME::Parser package, which 
is terribly slow; I eventually intend to put some finishing touches on a 
MIME parsing and generating library that I'm writing in C, then use that to 
create an e-mail filter.  There are some similar projects already in 
existence, but I like to roll my own.  Your best bet is to ask Google.  
Some that I've seen recently mentioned on Bugtraq in a positive light 
include <http://www.roaringpenguin.com/mimedefang/> (I've used it and liked 
it) and <http://qmail-scanner.sourceforge.net/> (if you ever switch to 
qmail, which I personally found to be a more annoying MTA than even 
Sendmail).

I recommend avoiding virus scanning whenever possible, since viruses can 
easily slip past scanners if your signature database isn't up-to-date, and 
all but the most famous trojans will slip through undetected.  Rely on 
content filtering instead, and disallow all executable content from passing 
through the firewall without at least being quarantined.

-- 
Donald King, a.k.a. Chronos Tachyon
http://chronos.dyndns.org/ -- WWED?
Guardian of Eristic Paraphernalia
Gatekeeper of the Region of Thud
 12:17pm  up 118 days, 16:12,  2 users,  load average: 0.01, 0.02, 0.05
-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
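
Added example (not part of Donald King's message, and not code from MIMEDefang or any other project mentioned): a Python sketch of the policy in the message's last paragraph, flagging any message that carries an executable attachment so it can be quarantined instead of relying on virus signatures. The extension and content-type lists, the function names, the exit-status convention and the sample messages are assumptions made for illustration.

```python
import email
import sys
from email import policy
from email.message import EmailMessage

# Assumed blocklists (illustrative, not exhaustive); tune to local policy.
BLOCKED_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
BLOCKED_TYPES = {"application/x-msdownload", "application/x-msdos-program"}

def risky_parts(raw: bytes):
    """Return (filename, content_type, reason) for every part to quarantine."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():              # descends into nested multipart containers
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        # get_filename() reads the Content-Disposition filename and falls back
        # to the Content-Type "name" parameter.
        name = (part.get_filename() or "").strip().rstrip(". ").lower()
        # Only the final extension counts, so "invoice.pdf.exe" is caught;
        # trailing dots and spaces are stripped first ("setup.exe." -> ".exe").
        ext = name[name.rfind("."):] if "." in name else ""
        if ext in BLOCKED_EXT:
            hits.append((name, ctype, "blocked extension " + ext))
        elif ctype in BLOCKED_TYPES:
            hits.append((name, ctype, "blocked content type"))
    return hits

def verdict(raw: bytes) -> str:
    return "QUARANTINE" if risky_parts(raw) else "PASS"

def sample(filename: str, subtype: str = "octet-stream") -> bytes:
    """Build a constructed test message with one attachment (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "constructed sample"
    m.set_content("hello")
    m.add_attachment(b"MZ", maintype="application", subtype=subtype, filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    # Assumed convention: exit 0 = pass, 1 = quarantine, so the calling
    # delivery recipe can branch on the exit status.
    sys.exit(1 if verdict(sys.stdin.buffer.read()) == "QUARANTINE" else 0)
```

Matching on the declared filename and type is a policy check, not content inspection: an executable inside an archive or sent under an unlisted extension still passes, so an allowlist of permitted attachment types is the stricter variant.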

