Hello All,
I am working on recommendations for the ASF to modernize the
installation of SA for the foundation.
We have some givens:
Using Ubuntu
Using Postfix
Need to stick with maintainable packages
Likely needs to stay away from lots of tweaks and heavy customization
such as using MIMEDefang (unfortunate).
So I'd like any input you might have, on or off list. Here's some
questions I believe will help guide things:
Q1 - What is the best glue for SA for Postfix that does the following:
- uses spamc calls so that spamd's can be distributed and load balanced?
- can implement clamav before SA call
- should silently discard emails if a virus is detected
- must use clamdscan but ideally can utilize some sort of socket
solution for clamd to run distributed and load balanced
- should bound email over a certain threshold (let's say 5) and silently
discard email over a certain threshold for SA (let's say 10)
- Might use a few RBLs to decline connections to start
- Implements a good implementation of greylisting
- Temporary failure for scanning (virus or spam) failures
Q2 - Do we happen to know who maintains SA for Ubuntu so we can try and
work to make sure the upcoming release of 3.4.1 is packaged?
Here's the high level draft if anyone has some thoughts:
- Implement a cluster of spamd servers with no Bayes but likely using
SQL prefs for some whitelist/blacklisting - Bayes not being used because
training and maintaining will likely be too difficult
- Implement txrep with SQL backend
- Implement a cluster of clamav boxes
- Implement an SPF record
- Implement postfix with xyz glue to test email on a scalable # of mx's
- Implement a few RBLs to block SMTP connections - I hate to recommend
this but ASF members are very sensitive to spam so I'm treading lightly
Regards,
KAM
