running debian sarge + exim4
Thanks
Carl Fink said:
>>>>Lucas Said:
>>>> Is their a backport of spamassassin for stable?
>
>>
>> Several.
>
>>>> I generally use the testing mimedefang/spamassassin becuase it uses the
>>>> newer perl version 5.8.
>
>>
>> Why is that an advantage, given SpamAssassin 2.61 with Perl 5.6?
I was not aware of backports, and I ususally stay with the standard repositories. No real advantage to useing 5.8 over 5.6, except for if you wish to use the embedded perl interpreter you need to run 5.8, for mimedefang. This lowers you memory usage, but has not been released as a mimedefang package. I have been amazed with the amount of spam I have been blocking with razor+pyzor+dcc+rbl-checks+SA+Evil Rules+mimedefang+greylisting. (razor,pyzor+dcc)=distributed checksums for spam. SA+Evil Rules for some really good extra cf rules, my local rules way in at over 10,000 lines. Greylisting is delivering a temporary delivery error for 2-3 minutes, and spammers will not reattempt delivery and regular senders will re-attempt delivery. I have been using it on my mail server, and have not gotten any complaints. It will lower the mail load on your server, as you can reject wtihout performing content analysis with sa. Go read about greylisting on google. Mimedefang supports greylisting, and I implemented some code based on mimedefang creater's code. It's also possible to implement stateful greylisting in which you delay mail from virus relays or high spam sites long enough to either reject the mail completelly, or lower the load on your server, without interfering with regular mail on the system. I am still incrementally implementing this. The idea is to add to your spamassassin score by maintaing a database of the behavior or all the senders and ip relays in the past. How often do they re-attempt delivery? What is their average spam score from that relay or sender? When do they attempt delivery? Have they sent a virus recently? Are they forging helo headers? Etc... I have the greylisting working, and am working on the throttle mail in which you can set a threshold for how many messages a particular ip address can send. I have a number of machines that mail cron reports, so I throttel them back so the mail server will only accept 1 mail message from the machines every 30 seconds. This just builds on maintaining ip state via mimedefang. My next step is to raise the temporary rejection time for machines that are infected, 95% of the time a virus relay will only send virus's for an hour or less. The important consideration is to always generate a rejection error when a message is rejected, and not have any false postitves. So people never lose mail, and users don't complain. (Obbious goals.)
--Luke
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
