Contributed by grey on from the extensive write ups are great dept.
In this article we will look at a way to mitigate the problem of email-borne viruses and Unsolicited Bulk Email (UBE), otherwise known as "spam". The OpenBSD server will act as what I will call a mail filter gateway, or MFG. The purpose of such a machine is to protect the network that lies behind it from viruses and spam.
The anti-virus and anti-spam software used will be the popular ClamAV and SpamAssassin programs respectively. They will communicate with the Sendmail MTA via the smtp-vilter milter, which also comes equipped with its own internal email attachment filter.
Peter also has some other tutorials that may be worth checking out here.
By Anonymous Coward (200.175.1.1) on
Comments
By Brian (205.161.0.11) on
Spamd filters out connections to mail servers from known spammers and uses greylisting to filter out connections from spam software/viruses.
Spamassassin uses many techniques to determine if a given message is spam after the message has been sent to the mail server.
By marco (149.169.52.82) on http://www.public.asu.edu/~hondaman
Even with SA (w/ Bayesian filtering), I was still getting 40-50 spams/day after filtering on SPAM: YES (SA would correctly tag 400-500).
After turning on spamd(8), that number dropped to maybe 4 or 5 getting through to the MTA, which SA then tagged.
I'm upgrading my mailserver to 3.6 tonight, so I'll have a writeup on my homepage in case anyone is interested in chaining OpenBSD spamd, sendmail, clamav, and SA all together.
By Lennie (212.204.168.146) on
http://mailscanner.info/
That's what I prefer.
By Petr Ruzicka (212.65.210.6) pruzicka@openbsd.cz on
By Dom De Vitto (217.169.21.119) on
In order:
1. spamd will tarpit blacklisted hosts causing them pain, forever.
2. Hosts not caught by spamd will be checked by spamassassin and the email content checked.
3. Finally the content is passed to ClamAV to virusscan.
Easy.
By Denis Solaro (81.249.99.156) sorry... on
By Anonymous Coward (216.220.58.205) on
I attempted a similar setup a while ago on an OpenBSD 3.4 box, but I kept on running into resource exhaustion problems. The box periodically got hit by gobs of virus-filled spam which would bring the server down. This would usually happen around 2 or 3 in the morning ... very annoying. I'd like to know how to *properly* tune an OpenBSD box, but haven't found anything that clearly explains what issues need to be addressed.
By Brian (205.161.1.46) on
It is very important to have procmail/smtp-vilter call spamc which will connect to spamd(1). This way, spamd(1) will queue the messages instead of trying to process them all at once.
Old versions of spamd(1) didn't default to this behavior and required -m on startup.
By Anonymous Coward (216.220.58.219) on
Actually, I wasn't filtering spam. I was just filtering out viruses using clamav w/ milter. The problem (if I can remember correctly) was that when the box got hit with spam, the milter would eat up all available resources trying to scan those messages. Part of the problem was that the kernel wasn't tuned properly (still had default maxprocs, etc). Even when setting that to (what I thought were) reasonable defaults I still had problems.
Part of the problem for me is that I am not experienced with running production level boxes that do heavy duty email processing, etc. and I have not found any guides that explain how to properly tune these services. And when I ask it seems that I get replies such as "You idiot, didn't you do *BLA BLA BLA*?? Everyone knows that!!!". This, after hours on google trying to find a solution.
I would just like to learn about this stuff so I don't have egg on my face when I try to replace a Windows NT service running on a 5 year old machine with an OBSD solution and fail. I fully understand that it can take a bit more time to set up than that old MS solution, but it's really frustrating when the knowledge to do so is so inaccessible.
By tedu (64.173.147.27) on
By Anonymous Coward (216.220.58.219) on
Do ya think so? Oh Jebus, I would never have thought of that on my own.
Actually I did try that, but the setup still had problems. It would work perfectly for two weeks, and then crash. I abandoned it in favour of Postini's service, since it was far cheaper to implement than spending more time to get my box right. I'd still like to know how to make it work properly though.
By Brian (205.161.1.46) on
By Brian (205.161.1.46) on
From clamd.conf:
# Maximal number of threads running at the same time.
# Default: 10
# MaxThreads 15
By Luiz Gustavo (200.164.214.127) on http://hades.uint8t.org
That's not rocket science; what can you expect of a daemon written in Perl?
Learn to properly tune your daemon's behaviour before blaming the OS, since it just gives the resources you have made available.
Use pf as your first line of defense, taking out those Windows 95 and 98 source emails. Later let spamd(8) make things even worse for them, and only after that pass emails to spamass. I bet the results will be a lot better.
By Anonymous Coward (216.220.58.219) on
I do not see anything that I wrote in the previous post that could be taken as me "blaming" the OS for these problems. I clearly blamed it on my lack of knowledge on this subject and asked for help.
By tedu (64.173.147.27) on
By Anonymous Coward (216.220.58.219) on
If you read the original comment you would realize that he wasn't, and neither are you.
By tedu (64.173.147.27) on
By Anonymous Coward (216.220.58.219) on
a) you still haven't read the original comment
b) who said I wanted to recompile a kernel?
What I'm really looking for is a sort of "best practices guide". I don't need any tips on what was wrong with my old setup (it was abandoned some time ago).
Really, this is turning out to be a waste of time if I am to be treated like some sort of Gentoo ricer.
By Luiz Gustavo (200.164.209.132) on http://hades.uint8t.org
Most people lack the big picture of trying to have a plethora of system tools helping each other to avoid certain problems; once you get the idea, things like a huge new worm or virus slamming your door could not make your server a dead brick.
By Jammer5 (219.88.102.227) on
Could you elaborate on this please ? Are you suggesting using the OS fingerprinting capabilities of pf to block connections to port 25 from Win95/98 machines ?
Do you have an example ruleset (or would something like this work) ?
Can I use wildcards in the OS field or should I create a list ?
By Luiz Gustavo (200.164.209.132) on http://hades.uint8t.org
Also use spamd to make your main MTA avoid as much junk email as possible, and your mail server will end up doing less useless work.
Learn to tune your sendmail/qmail/postfix better, each one has loads of good resources and well known mailing list archives.
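The pf.conf fragment Jammer5 asks for, as an added example that is not from the article or from any commenter. It uses OpenBSD 3.6-era pf syntax (rdr rules in the translation section, explicit keep state), and assumes an external interface named fxp0, spamd(8) listening on 127.0.0.1 port 8025 and sendmail on port 25 of the same host; the Windows fingerprint names are whatever /etc/pf.os on the box actually contains, so check them before loading the rules.

```pf
# Added example, not from the thread: pf.conf fragment for an SMTP gateway.
# Assumed (not stated on the page): external interface fxp0, spamd(8) on
# 127.0.0.1:8025, sendmail on port 25 of this host.
ext_if = "fxp0"

# spamd(8) maintains these tables: <spamd> from the blacklists in spamd.conf,
# <spamd-white> from hosts that have passed greylisting.
table <spamd> persist
table <spamd-white> persist

# Translation: known spammers and hosts that are not yet whitelisted talk to
# spamd(8), which tarpits or greylists them; whitelisted hosts reach sendmail.
# Plain rdr (not "rdr pass") so that the filter rules below still apply.
rdr on $ext_if inet proto tcp from <spamd> to any port smtp \
    -> 127.0.0.1 port 8025
rdr on $ext_if inet proto tcp from !<spamd-white> to any port smtp \
    -> 127.0.0.1 port 8025

# Passive OS fingerprinting (pf.os(5)) of the initial SYN. An "os" argument
# may be a class ("Windows"), a class plus version ("Windows 98"), or a list.
# The class alone is the "wildcard": it matches every version listed in
# /etc/pf.os. Names must match that file exactly (grep -i windows /etc/pf.os).
# Filter rules see the post-rdr destination, hence both ports are listed.
block in log quick on $ext_if inet proto tcp \
    from any os { "Windows 95", "Windows 98" } \
    to any port { smtp, 8025 }

# Uncomment to refuse SMTP from every Windows version. This also drops the
# SYN of any legitimate Windows MTA (Exchange, etc.) that sends mail to you.
# block in log quick on $ext_if inet proto tcp from any os "Windows" \
#     to any port { smtp, 8025 }

# Everything else may open a session with spamd or with sendmail.
pass in on $ext_if inet proto tcp from any to 127.0.0.1 port 8025 \
    flags S/SA keep state
pass in on $ext_if inet proto tcp from any to $ext_if port smtp \
    flags S/SA keep state
```

Two caveats a practitioner will want. First, the fingerprint is derived from TCP options in the SYN, so a box behind a NAT gateway or one with a modified stack can look like something else; treat the os rule as a cheap pre-filter that saves spamd and the milters some work, not as a security control, and keep the `log` keyword so misfires show up in `tcpdump -n -e -ttt -i pflog0`. Second, load the rules with `pfctl -nf /etc/pf.conf` first: a fingerprint name that does not exist in /etc/pf.os is rejected at parse time rather than silently matching nothing.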
By Anonymous Coward (80.58.9.107) on
By 808blogger (17.255.241.38) on http://blog.evogts.com
By Anonymous Coward (69.17.22.33) on
Also http://www.ijs.si/software/amavisd/ which is a "better" way of running
Spamassassin.
Another howto: http://www.flakshack.com/anti-spam/wiki/index.php
By Anonymous Coward (69.197.92.181) on
By Anonymous Coward (213.118.35.44) on
By Denis Solaro (81.249.99.156) on
By sthen (81.168.66.229) on
By Anonymous Coward (67.34.129.203) on
By tedu (64.173.147.27) on
By 808blogger (66.91.22.5) on http://blog.evogts.com
By submicron (68.89.198.16) submicron@inherently-evil.net on
By Anonymous Coward (69.197.92.181) on
By Anonymous Coward (213.118.35.44) on
By submicron (64.207.228.181) submicron@inherently-evil.net on
By pravus (24.248.120.76) on
Then why malign sendmail at all? Your statement would have been just as valid and more effective had you left the derogatory statement out of it. The fact that you are having to re-explain your intent indicates that the original message's purpose was lost.
By Luiz Gustavo (200.164.209.132) on http://hades.uint8t.org
By submicron (64.207.228.181) submicron@inherently-evil.net on
By Luiz Gustavo (200.217.62.218) on http://hades.uint8t.org
In my conception a mailserver should be light and fast, mostly I/O-bound.