rejecting spam at SMTP time (was Re: Postfix anti-antivirus (was Re: [linux-elitists] etc))
Tue Sep 28 09:07:58 PDT 2004
On Tuesday 28 September 2004 11:59, Aaron Sherman wrote:
> Between SPF and XBL/SBL I drop a ton of spam at the SMTP stage, but it's
> still clogging my pipe.
I use rbldns-list.dsbl.org and cbl.abuseat.org and they work pretty decently.
I drop a *ton* of connections just based on IP with those two lists.
> I'm about to start looking into anti-virus milters that can ID the virus
> before reading the whole message. It's getting pretty bad.
What gets through gets CLAM'd but it isn't done until I have the entire
message. I realize that isn't what you're looking for but perhaps someone
else knows of a mail filter which uses CLAM as the message comes in? I keep
some stats of the top virus senders/recipients and hosts...
56392 since I started monitoring about a year ago (and not counting what I
didn't keep track of for a couple months when mydoom was really hitting
hard). Top 5 viruses I receive include mydoom, sobig, bagle and somefool,
along with MIME breakage which I trip as a virus hit (nobody seems to miss
the messages, whether they're screwed up viruses or screwed up spam I really
Between the virus checking and spam scanning with SpamAssassin this Duron1100
is sitting at a consistent loadavg of about 2.5. It was really quite a bit
slower until I brought it up to a gig of RAM -- an unholy amount of memory
for what I consider a very simple thing: a mail server. Unreal, IMO, that
so much has to be thrown at what should be a simple task.
More information about the linux-elitists