rejecting spam at SMTP time (was Re: Postfix anti-antivirus (was Re: [linux-elitists] etc))

Andrew Kohlsmith akohlsmith-le@benshaw.com
Tue Sep 28 09:07:58 PDT 2004


On Tuesday 28 September 2004 11:59, Aaron Sherman wrote:
> Between SPF and XBL/SBL I drop a ton of spam at the SMTP stage, but it's
> still clogging my pipe.

I use rbldns-list.dsbl.org and cbl.abuseat.org and they work pretty decently.  
I drop a *ton* of connections just based on IP with those two lists.

> I'm about to start looking into anti-virus milters that can ID the virus
> before reading the whole message. It's getting pretty bad.

What gets through gets CLAM'd but it isn't done until I have the entire 
message.  I realize that isn't what you're looking for but perhaps someone 
else knows of a mail filter which uses CLAM as the message comes in?  I keep 
some stats of the top virus senders/recipients and hosts...

56392 since I started monitoring about a year ago (and not counting what I 
didn't keep track of for a couple months when mydoom was really hitting 
hard).  Top 5 viruses I receive include mydoom, sobig, bagle and somefool, 
along with MIME breakage which I trip as a virus hit (nobody seems to miss 
the messages, whether they're screwed up viruses or screwed up spam I really 
don't care).

Between the virus checking and spam scanning with SpamAssassin this Duron1100 
is sitting at a consistent loadavg of about 2.5.  It was really quite a bit 
slower until I brought it up to a gig of RAM -- an unholy amount of memory 
for what I consider a very simple thing: a mail server.   Unreal, IMO, that 
so much has to be thrown at what should be a simple task.

-A.



More information about the linux-elitists mailing list