LinuxQuestions.org
Old 06-05-2012, 04:42 AM   #1
xuta
LQ Newbie
 
Registered: Apr 2011
Location: Hanoi, Vietnam
Distribution: Ubuntu, OpenSuSE, Debian, Gentoo
Posts: 24

Rep: Reputation: Disabled
Anti-spam anti-virus dovecot + postfix mail system


I am trying to find a good tool/plugin for dovecot and (or) postfix for anti-spam and anti-virus for a mail system.
In fact, I am new to mail systems (about 3 months).
Please help me list some good tools/plugins and their advantages/disadvantages, in both open source and commercial solutions; it will help me so much.
Thank you so much in advance.
 
Old 06-05-2012, 08:07 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 779
Probably the most common solution would be to use Amavis with Spamassassin and a virus scanner like ClamAV. Second to Spamassassin might be DSpam. I really couldn't give you any details regarding a comparison of these tools to commercial solutions. In this regard, you may need to do your own research.

One piece of advice that I can give you is that you need to apply your anti-spam filtering in layers and to be effective it will require a holistic solution rather than a plugin or tool. For example: you will first want to configure Postfix properly so that it rejects obvious garbage such as invalid domains and improper helo handling. Next you could add grey listing which will temporarily reject a sender with a "try again" error code. A normal mail server will try again, whereas a spam zombie may not, thereby cutting down on spam. Next, you can use DNS checklists to reject mail from known spamming domains. Finally, if the message makes it through all of this, you should apply your content filtering (e.g. Spamassassin). The idea is that you place the lowest resource use checks first and apply more aggressive techniques later.
 
Old 06-05-2012, 10:30 PM   #3
xuta
LQ Newbie
 
Registered: Apr 2011
Location: Hanoi, Vietnam
Distribution: Ubuntu, OpenSuSE, Debian, Gentoo
Posts: 24

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Noway2
Probably the most common solution would be to use Amavis with Spamassassin and a virus scanner like ClamAV. Second to Spamassassin might be DSpam. I really couldn't give you any details regarding a comparison of these tools to commercial solutions. In this regard, you may need to do your own research.

One piece of advice that I can give you is that you need to apply your anti-spam filtering in layers and to be effective it will require a holistic solution rather than a plugin or tool. For example: you will first want to configure Postfix properly so that it rejects obvious garbage such as invalid domains and improper helo handling. Next you could add grey listing which will temporarily reject a sender with a "try again" error code. A normal mail server will try again, whereas a spam zombie may not, thereby cutting down on spam. Next, you can use DNS checklists to reject mail from known spamming domains. Finally, if the message makes it through all of this, you should apply your content filtering (e.g. Spamassassin). The idea is that you place the lowest resource use checks first and apply more aggressive techniques later.
You are a very cool guy in mail systems.
I really agree with you about anti-spam in multiple layers, but I still see some problems.
Grey list and DNS checklist - how can we make them update automatically?
 
Old 06-06-2012, 05:07 AM   #4
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 779
Greylisting uses a database that is local to your server. By database, it is really nothing more than a hash list and it gets purged periodically. Say for example, that I send you an email. The first time I send you an email, my domain is not known to your server, so it rejects the message with a 400 level code and requires me to wait (typically 60-600 seconds). Being a compliant server, my system will attempt to redeliver the message after a period of time. This time, my domain is found in the database, so the message is accepted. In the future, my domain will also be known so messages will be accepted. There is no need to "update" the database.

In terms of the DNS checks, like invalid sender, these are done through the registrars. There is no action required by or available to you. In terms of the RBL lists, updating is handled by the organizations that generate the RBLs. Statistically abusive domains get listed and the admins can go through a process to get de-listed, hopefully after having blocked the spammer and terminating their service. Again, there is nothing for you to do in terms of updating.
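The layered ordering from post #2 and the greylisting behaviour from post #4, modelled together as an added example that is not part of the original posts and is not Postfix or Postgrey code. Assumptions: the greylist keys on the (client IP, sender, recipient) triplet, the 300-second delay and 35-day purge age are chosen values, the DNSBL is a constructed set instead of a DNS lookup, and the HELO and sender checks are syntax-only.

```python
import re

GREY_DELAY = 300              # seconds a new sender must wait (post #4: 60-600)
GREY_TTL = 35 * 86400         # assumed age after which idle entries are purged
DNSBL_LISTED = {"203.0.113.66"}   # constructed; stands in for a DNSBL query
FQDN = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,}$", re.I)


class Greylist:
    """Local, self-maintaining table: nothing has to be updated by hand."""

    def __init__(self):
        self.seen = {}        # triplet -> (first_seen, last_seen)

    def check(self, triplet, now):
        # Periodic purge: forget triplets that have been idle too long.
        self.seen = {k: v for k, v in self.seen.items()
                     if now - v[1] <= GREY_TTL}
        first, _ = self.seen.get(triplet, (now, now))
        self.seen[triplet] = (first, now)
        return now - first >= GREY_DELAY   # True once the sender has waited


def smtp_decision(msg, greylist, now, content_filter):
    """Return (reply_code, layer); cheapest checks run first, first failure wins."""
    # Layer 1: protocol sanity (Postfix: reject_non_fqdn_helo_hostname,
    # reject_non_fqdn_sender). No state, no network.
    if not FQDN.match(msg["helo"]):
        return 504, "helo"
    if "." not in msg["sender"].rpartition("@")[2]:
        return 504, "sender-domain"
    # Layer 2: greylisting (Postfix: check_policy_service). Temporary 4xx reply.
    if not greylist.check((msg["client_ip"], msg["sender"], msg["rcpt"]), now):
        return 450, "greylist"
    # Layer 3: DNS blocklist (Postfix: reject_rbl_client). One DNS query.
    if msg["client_ip"] in DNSBL_LISTED:
        return 554, "dnsbl"
    # Layer 4: content scan, the expensive step, only for what is left.
    if content_filter(msg["body"]):
        return 554, "content"
    return 250, "accepted"
```

Passing a counting function as `content_filter` shows how few messages ever reach the expensive layer once the cheap ones have run.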
 
Old 06-06-2012, 05:22 AM   #5
xuta
LQ Newbie
 
Registered: Apr 2011
Location: Hanoi, Vietnam
Distribution: Ubuntu, OpenSuSE, Debian, Gentoo
Posts: 24

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Noway2
Greylisting uses a database that is local to your server. By database, it is really nothing more than a hash list and it gets purged periodically. Say for example, that I send you an email. The first time I send you an email, my domain is not known to your server, so it rejects the message with a 400 level code and requires me to wait (typically 60-600 seconds). Being a compliant server, my system will attempt to redeliver the message after a period of time. This time, my domain is found in the database, so the message is accepted. In the future, my domain will also be known so messages will be accepted. There is no need to "update" the database.

In terms of the DNS checks, like invalid sender, these are done through the registrars. There is no action required by or available to you. In terms of the RBL lists, updating is handled by the organizations that generate the RBLs. Statistically abusive domains get listed and the admins can go through a process to get de-listed, hopefully after having blocked the spammer and terminating their service. Again, there is nothing for you to do in terms of updating.
If it's possible, it's really cool. But from the idea, I don't know how to do it on postfix.
If you have some links about it, could you give them to me?
Thank you so much.
 
Old 06-06-2012, 10:46 AM   #6
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 779
There is a plethora of information available on Postfix and anti-spam measures. The Postfix official documentation is excellent, but not oriented towards someone who hasn't developed a working knowledge of Postfix yet. Rather than suggest you search, which could give you bad information, here are a couple of links that I think are good and should show you how to implement these features.
First is a link to one of the many Postfix Howto documents available, one that I personally like. It has instructions for greylisting, DNS RBLs, and other anti-spam measures. Here is another link to a reputable how-to document on Postfix. This page discusses Amavisd-new, Spamassassin, and ClamAV.
 
Old 06-06-2012, 11:13 AM   #7
xuta
LQ Newbie
 
Registered: Apr 2011
Location: Hanoi, Vietnam
Distribution: Ubuntu, OpenSuSE, Debian, Gentoo
Posts: 24

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Noway2
There is a plethora of information available on Postfix and anti-spam measures. The Postfix official documentation is excellent, but not oriented towards someone who hasn't developed a working knowledge of Postfix yet. Rather than suggest you search, which could give you bad information, here are a couple of links that I think are good and should show you how to implement these features.
First is a link to one of the many Postfix Howto documents available, one that I personally like. It has instructions for greylisting, DNS RBLs, and other anti-spam measures. Here is another link to a reputable how-to document on Postfix. This page discusses Amavisd-new, Spamassassin, and ClamAV.
Thank you so much for your help.
 
Old 06-08-2012, 05:31 PM   #8
pantdk
Member
 
Registered: Oct 2011
Location: New Delhi
Posts: 231
Blog Entries: 3

Rep: Reputation: 17
postfix+dovecot+clamav+spamassassin
 
  

