|
Anti SPAM in a business environment
There are several open source anti-spam software implementations availabe for the Linux/UNIX platform. Spamassassin is the most well known, but is however completely based on perl, a interpreted scripting language. By using perl the biggest disadvantage occurs when a wave of spam email is received. The spam-assasin module then is responsible for a dramatic slowdown in speed of your complete email service. For a single person at home this might not be a problem, but inside a company network it becomes a total nightmare. In such a case DSPAM is a better choice and is completely open source : http://dspam.nuclearelephant.com/ DSPAM is written in C, and as such performs best of all public anti-spam implementations available. In addition DSPAM needs a database preferably MySQL but there are still 3 more other supported database backends :
libdb4_drv: Berkeley DB4 Library DSPAM Mlocal : Mlocal, P=/usr/local/bin/dspam, F=lsDFMAw5:/|@qfSmn9, \ S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix, A=dspam --user $u -d %uHowever Amavis also hookups within Mlocal inside /etc/sendmail.cf : Amavis Mlocal : Mlocal, P=/usr/sbin/scanmails, F=lsDFMAw5:/|@qSPfhn9, \ S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix, A=scanmails -t -Y -a $h -d $uThere can only run 1 thing at a time, on 1 instance of sendmail. The most logical solution here is thus to run 2 instances of sendmail, preferable on 2 seperate linux machines. Its only a matter of how seriously the spam and virus problem is treated. In principle i object to run 2 sendmail instances on 1 machine, because in that case port 25 smtp can only be used by 1 instance at the same time. Both vehiciles should thus always wait for each other, when running them on the same linux machine. I still prefer today to user RedHat 7.3 for server tasks. So in the DSPAM case a extra machine (PC) with RedHat 7.3 would be needed to run the DSPAM+Sendmail service. The installation of this 2nd PC with Linux can happen rather simple by cloning/ghosting its disks and partitions to the new disks inside the new PC. On the new Linux server, which is to run DSPAM + Sendmail, all other services not needed are switched off. The email flow can then be described using this diagram :Internet <-> DSPAM-sendmail <-> Amavis-sendmail <-> pop3/imap usersIn the mean time it has been demonstrated that its really possible to integrate DSPAM-sendmail and Amavis-sendmail on one Linux machine. The DSPAM documentation is rather vague about this possibility but the following "hack" is reported to allow sendmail/DSPAM/Amavis to run rather smooth on a single Linux machine. Replace the Mlocal inside /etc/sendmail.cf by : Mlocal, P=/usr/local/bin/dspam, F=lsDFMAw5:/|@qSPfhn9, \ S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix, A=dspam -t -Y -a $h \ "--feature=chained,noise" \ "--deliver=innocent" \ "--mode=teft" --user $u -d %uThis is valid for DSPAM 3.0 or higher. However take care that DSPAM is being configured and build using the following ./configure options : ./configure --with-storage-driver=mysql_drv \ --with-mysql-includes=/usr/include/mysql \ --with-mysql-libraries=/usr/lib/mysql \ --with-delivery-agent=/usr/sbin/scanmailsIn here /usr/sbin/scanmails is of course your Amavis script. The setup works as follows. Configure your linux mailserver will all the needed adjustments inside /etc/sendmail.cf. Next add Amavis 0.2.2 including your favorate AntiVirus commandline scanner. After which DSPAM 3.0 or higher is to be configured and build using the above ./configure command. To allow DSPAM to run Linux platform independant, or even UNIX platform independant, on almost any Linux machine running kernel 2.2.xx , 2.4.xx or kernel 2.6.x one should select the MySQL storage driver. The platform requirements are then simplyfied to the version and features of your installed MySQL database. The costs of this anti-spam setup are : a half or full day of work eventual an extra PC as Linux DSPAM-sendmail server |
|
OS
support: RedHat, SuSE, Debian, Mandrake, SCO, Solaris
HW
support: Intel, AMD, Sun, IBM Network: Cisco, 3COM, Nortel