To comment on Bob's approach that's exactly what got me going in the Linux world...
Exchagne2K.
Here is my experience with Exchange 2K. This is a little off topic I just wanted to
include some feedback.
Here was the problem that we had (and the solution) when I started running Exchange
2K.
Try 1 2000) I build an Exchange 2K box on a 800mhz box with 512mb of ram to handle
about 200 email boxes. (that was the hardware of the day). Because of budget
constrains I could not build a second box. So, we put this box into place, including
AV, and started using it. Day 10 they box was overloaded, customers complained and
then a mail emailing took it out
Try 2 2000) Learning a little we built a second box to act as a front end. About the
same specs... After configuring it the box seemed to work. Then I started getting a
"but load" of spam. These were guess work spams... You know, [EMAIL PROTECTED],
<mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED],> , etc. It
took it's tool quickly as well. The machine itself would spend 90% of it's time
dealing with it, 10% trying to keep IIS running.
Try 3 2000) Tired of maintaining Exchange everyone morning and night I decided to try
that sendmail thing... I implemented that on a couple cheap Linux boxes. The test
case was two 90mhz Compaq workstations. Don't laught cause it seemed to help.
Basically they just transported the mail to the Exchange DS box which was internall
only now because of the FE server). This helped immensly because when Exchange was
busy then the mail would spool. After proof of concept we did indeed upgrade those
90mhz boxes (currently still 450's though)...
Try 5 2001/2002 and the somewhat final solution) We revamped our structure for web
hosting and other solutions to include many Linux email server offloading many of the
accounts to the Linux side (though we still have a couple hundred Exchange accounts).
We ended up using postfix for our web server builds for several factors. The big
things that we did was include RBL's on the postfix servers which reduced the spam by
80%. There were some FP's when what one (can't remember now) RBL when down. We also
implemented AV on this box as well. So this is the flow now.
Internet -> Postfix spoolers -> RBL -> Spam Assassin -> AV -> (reinjected back to
postfix) -> Destination (which is E2K, other postfix servers and in some cases
external client SMTP servers).
The 4 postfix servers that we have (which is also running linux-ha software) are at
two locations. Two clusters which consist of two 450mhz machines each.
uptime: 10:22:59 up 74 days, 4:54, 1 user, load average: 0.04, 0.03, 0.00
During the day the postfix server receives about 1 email every 2 seconds, around 7:am
(when all of the friggen spamming seems to occur for us) it's about 5 a second.
sar:
07:20:00 AM all 4.55 0.01 0.74 94.70
07:30:00 AM all 1.84 0.04 0.72 97.40
07:40:00 AM all 3.14 0.03 0.81 96.03
07:50:00 AM all 3.86 0.03 0.86 95.25
08:00:00 AM all 4.29 0.01 0.86 94.84
08:10:00 AM all 2.13 0.03 0.73 97.11
Since we decided upon Bob's simple approach we have increased hardware but reduced
maintenance time significantly. The cost of hardware is nothing for the benefit's
that it provides. Our offsite location just has DNS and a SMTP/postfix cluster. Best
investment we ever made.
Coincidentally, we have 4 new P4 servers to be put into place sitting idle for last 4
months but because the system as a whole works so well we just haven't gotten around
to changing it. So for now they are backups.
Gary Smith
-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Bob Apthorpe
Sent: Wed 12/10/2003 9:21 AM
To: [EMAIL PROTECTED]
Cc:
Subject: Re: [SAtalk] filtering spam tagged email before hitting exchange 2000
Hi,
[N.B. Reformatted into a sensible whole. Please trim your posts, line
wrap and (I know this sounds petty) please don't top post if you expect
follow-ups. Thanks.]
On Wed, 10 Dec 2003 09:22:06 -0600 "JRiley" <[EMAIL PROTECTED]> wrote:
> From: Efren Pedroza
> > On Behalf Of gentian
> > > I am very new to spamassassin and i want to setup a gateway for external
> > > spam and then i want to relay mail from spamassassin to Exchange 2000. I
> > > read that spamassassin just tags the mail, doesn'filter it and i should
> > > filter it on Exhange 2000 and that was done by some other tools. The
> > > problems is that i do not want to mess around with Exchange 2000 and
> > > install other stuff in there. It has already enough load and problems so
> > > I was wondering if there is any way to filter tagged email before it
> > > hits Exchange 2000, something that filters it at at tehe same machine
> > > where spamassassin lives.
> > >
> > > Any idea is apprecciated.
Check the mailing list archives. If you have a spare reliable PC, you
can build a secure, spam-filtering mail relay to pre-filter internet
traffic to your Exchange server using Sendmail+MimeDefang+SA or
Postfix+Amavisd+SA. This is a common question, it may be a FAQ but I'm
dead sure this has been discussed on this list in last three months.
> > I don't know why you are saying that SA does not filter e-mails, I does
> > !! I'm very newbiew on this but i did install SA on same server where
> > Exchange 2000 runs and it's doing well.
> >
> > The only mater is that i can't find the way to make white list; Sa is
> > tagging as SPAM valids e-mails, can someone help me on this ?
Read the documentation on how to use whitelist_from and
whitelist_from_rcvd. whitelist_from_rcvd is most likely what you want.
Your whitelist will need to go in a user_prefs file or local.cf; not
sure where those are located on Win32 (are you running SA under Cygwin?)
> SA does have the ability to filter (block/discard) if so configured..
> basically by just setting SA to delete any incoming scanned msg with a
> score of 5+ (default score level).
<sigh> No, SA itself does not, cannot block or discard mail, but it may
provide scoring information for other tools that block or discard mail
(e.g. procmail, milters, etc.) Think of SA as the judge and jury, some
other tool as the executioner. SA just renders an opinion and files the
paperwork. Something else pulls the trigger.
> As far as setting up a whitelist, on a win32 implementation of SA, read
> the SA docs, and/or visit some sites with configuration information.
If you don't find your answer in the docs, the FAQ, or the mailing list
archive, you've either got an interesting question or you're not trying
hard enough. :)
-- Bob
-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tutorials. Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
�†+��wzf¢–+,¦‰ìo"�0¸§»�îâj[�yÊ&y©ÞÆ«¶)Ë Õ�¢¸î²Û!jº^Ÿ*.®É"–[�Š î¥ú+
�,�·ž.)îÅ;¢¸š–ÂÞj¹Þêò¶�§úèšØ^m«!²�¥–Ú,ÊÆš)Â'$žŒ!¶Úý§l¢Çgr‰¿iØ×nüjYhr'wßh¥ÉbrD©jf¬±«,Š{Z–IšŠX§‚X¬µ*Z™«,jË"žÖ’X¬¶Ë(º·�~Šàzw†Ûi³ÿåŠËl²‹«qçè®�§zßåŠËlþX¬¶)ßû)jf¬±«,Š{Z–
