Recherche dans le site/ Search this Blog:


All free Anti-Spam solution for sendmail using Spamcop, Spamhaus, Spam Assassin, Mailscanner and f-prot as anti-virus Imprimer

Since the amount of spam sent is constantly rising, we are constantly putting more resources to filter and avoid it. The last big move we did was to add sbl to the SpamCop one we were already using. We also added some of the latest sendmail options to our sendmail configuration to cut down on spam. Greeting Pause is definitly the most efficient of them.

We were against using before because it may block legitimate mail from people running mail servers without being registered as an official MX for some domain or from people running their mail server on an IP that is considered as a "home user" IP that should not send mail directly but instead forward it to their ISP mailserver.

Nevertheless, we have decided to give it a try and it is the latest addition to our restrictive spam filters. Well, it looks like we are going to keep it because this latest addition cut the spam we receive by 90% and we have received no complains from our customers so no senders had to be whitelisted yet. The great thing is that with RBLs ( real time black lists), the spammers do not even get a chance to upload their spam to our servers. The connection is dropped before that.

Other neat additions are the use of the following sendmail options: BAD_RCPT_THROTTLE, SMTP_MAILER_MAXMSGS, LOCAL_MAILER_MAXMSGS, RELAY_MAILER_MAXMSGS, MAX_RCPTS_PER_MESSAGE, greet_pause, ratecontrol, CONNECTION_RATE_WINDOW_SIZE, CONNECTION_RATE_THROTTLE, See what these mean here.

Basically, there is two ways to filter spam, before the spammers upload it to your server and after it has been uploaded. Here is our config file for sendmail that allow us to block spam before it is sent:

FEATURE(`ratecontrol', ,`terminate')dnl
FEATURE(`greet_pause',15000)dnl wait 15 seconds before accepting mail
define(`confCONNECTION_RATE_THROTTLE', `1')dnl
FEATURE(`dnsbl', `', `"Rejected due to Spamhaus listing see" $&{clientaddr} " for more information"')dnl
define(`confSMTP_LOGIN_MSG',`Javamail version 1.7.1_09')dnl
define(`confDOMAIN_NAME', `')dnl
define(`confPRIVACY_FLAGS', `goaway')dnl
define(`confMAX_RCPTS_PER_MESSAGE',`15')dnl max rcpt in each message
define(`confSMTP_MAILER_MAXMSGS',`5')dnl max X message by outgoing connection
define(`confLOCAL_MAILER_MAXMSGS',`5')dnl max X message delivery by connection
define(`confRELAY_MAILER_MAXMSGS',`5')dnl max X message delivery by connection
define(`confBAD_RCPT_THROTTLE',`1')dnl sleep 1 sec at each X additional rcpt once MAX_RCPTS_PER_MESSAGE reached
define(`confMAX_RUNNERS_PER_QUEUE',`10')dnl max runner process
define(`confMAX_QUEUE_RUN_SIZE',`20')dnl max message to deliver by queue run
define(`confMAX_HEADERS_LENGTH',`32768')dnl max headers length

And here are the /etc/mail/access directives that go along with it:

GreetPause: 5000
GreetPause: 5000
GreetPause: 50000
ClientRate: 0
ClientRate: 5

ClientRate: 10
Connect: OK // whitelisting

To filter mail after the spammers has managed to upload it to our servers, we use Spam Assassin ran within Mail Scanner. We also use the free command line version of the f-prot antivirus to filter mail for viruses within Mail Scanner although you will need a commercial daemon version if you have a really high volume of mail coming into your server. Using the command line version of f-prot forks a new a process for every scan. Note that with the speed of computers today, you could probably handle a high volume of mail anyway with the command line version. It will nevertheless be less efficient than a daemon version that keeps on running all the time waiting for incoming messages to scan. Note that the command line version of f-prot lets you access the update site free, we setup a cron job (Linux scheduler) updating the virus list 3 times a day.

Mail Scanner link

Spam Assassin link

F-Prot Antivirus link

Ajouter votre commentaire / Add your comment

Votre nom / Your name:
Sujet / Subject:
SPAM: Ne pas inclure de lien ou utiliser le stratagème suivant: " slash mapage.html"     Nous utilisons un filtre qui bloque les commentaires suspects avec une erreur 403. De même, du code de programmation ou sql peut provoquer des erreurs 403. Veuillez utiliser un lien vers votre code tel que: " slash jVNqLieD"    Merci!
SPAM: Do not include any links in your post or use the following construct: " slash mypage.html"    We are using a filter that denies suspicious posts with a 403 error. Programming language or SQL code may also cause a 403 error. Please provide a link to your code instead like: " slash jVNqLieD"    Thank you! :
  Lettres de vérification; lettres minuscules seulement, pas d
Retaper les lettres affichées / Word verification:
Mis à jour / Last updated ( lundi, 27 octobre 2008 19:41 )

Consultez TOUS nos fils d'actualité ici. / View ALL our newsfeed here.