[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Better Spam Filtering that Sendmail 8.10?

Subject: Re: [cobalt-security] Better Spam Filtering that Sendmail 8.10?
From: "Ian" <cobalt@xxxxxxxxxxxxx>
Date: Thu, 13 Feb 2003 09:16:38 -0000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On 13 Feb 2003 at 7:26, Lance Rushing wrote:

> Hello All,
> 
> I am not 100% satisfied with my RaQ4?s sendmail 8.10 capabilities in regards 
> to spam filtering / fighting.  I have added a real-time blackhole lists to 
> sendmail and installed MailScanner 
> (http://www.sng.ecs.soton.ac.uk/mailscanner/) with SpamAssassin 
> (http://www.spamassassin.org/) and f-prot virus scan (www.f-prot.com).
> 
> [ I have a write up, that I?ll finish and post when I?m satisfied with my 
> solution ]
> 
> But like I said I?m not 100% satisfied with how MailScanner works.  Namely 
> that messages sit in a queue for up to 15 minutes while they are scanned.  I 
> figure I have 3 options and wonder if anyone has tried anything like this.

You can change the 15 minute queue runnner time in this file:

/etc/sysconfig/MailScanner

The line to change is:

QUEUETIME=15m

I have mine set at 5m.


Please bare in mind that this will cause sendmail to run through the 
whole outgoing queue every five minutes.

As far as I am aware (check the times in your logs), MailScanner 
scans messages as soon as they arrive in the inbound queue.  When 
they have been processed they are placed in the outbound queue.

I do not know if sendmail tries to send the mail straight away before 
placing it in the queue.

This is a sendmail issue, not MailScanner.

Ian
-- 


> Options:
> 1: Install Sendmail 8.12.x and use it?s milter capabilities to filter thru 
> spamassassin.
>      Pros: No need to install/configure additional MTUs.
>      Cons: I?m nervous about changing the RaQ?s software.
> 
> 2: Install postfix/qmail (maybe??) and see if I can get them to act as a 
> kind of port relay, after they have filtered the mail.  e.i.  have postfix 
> listening to port 25, filter the emails, then send them to port 1025 where 
> sendmail would be listening.
>      Pros: The RaQ?s software would be left intact (just config which port).
>      Cons:  Can it be done???  Having to configure another MTU.
> 
> 3: Turn off sendmail and replace it with postfix/qmail.
>      Pros: Only one mail server running.
>      Cons:  Huge programming issue to make it work with the Cobalt Admin.  I 
> am confident I could do it, but I don?t know if the 100 hours of perl 
> hacking is worth trying to eliminate the current 15minute wait for 
> MailScanner.
> 
> 4: Any other ways to get instant mail/spam filtering???
> 
> Anybody tried any of these?  Option 1 looks tempting, just grap the RPM and 
> cross the fingers?
> 
> Any thoughts?
> 
> -Lance
> 
> 
> 
> 
> _________________________________________________________________
> Protect your PC - get McAfee.com VirusScan Online  
> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
> 
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security

References:
- [cobalt-security] Better Spam Filtering that Sendmail 8.10?
  - From: Lance Rushing

Prev by Date: Re: [cobalt-security] Better Spam Filtering that Sendmail 8.10?
Next by Date: [cobalt-security] [Cobalt Raq 4] mail spool permissions.
Previous by thread: Re: [cobalt-security] Better Spam Filtering that Sendmail 8.10?
Next by thread: [cobalt-security] [Cobalt Raq 4] mail spool permissions.

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index