On Mar 27, 2015, at 2:09 PM, Axb <axb.li...@gmail.com> wrote:

> As an AV product I'd recommend Sophos AND ESETS/Nod32.

I'll look into Sophos, I'm not entirely sure if I can deploy it on my system or not. We have to use RPMs that can be distributed to the virtual hosts, etc... I'll definitely look into it. Haven't heard about ESETS/Nod32, will check it out.

> I'd also suggest you disable msg munging if you want hashers to work.

I'll certainly consider that if this is a major issue. I see hashers working on many other messages, but I'm not sure how munged those messages are. I'll try to investigate to see if I've seen hash hits on munged messages... Turning off munging will unfortunately reduce security since it allows embedded JS and web bugs, but if it improves the chances of those things getting properly tagged as spam then they won't open them anyway, so I guess it may come out in the wash.

> URI lists may also list URIs to .js and web bugs - you could be missing on
> them.

Very good point.

> Are you an ISP/ASP or is this a corporate box?

A bit of both. We run a dedicated server that is owned by a major ISP, but they basically only handle the upstream end. We are root on the box and handle everything downstream. We run a virtual hosting panel and our corporate clients run domains (for email and web hosting) as virtual hosts on the box. Each virthost is operated in a chroot environment, and the control panel distributes the central RPMs to each virthost. So, everything we do has to work with the framework of the control panel and its virtual hosting environment.

> What are you really using MailScanner for?

Primarily as glue to clamav (via clamd) and for attachment policy enforcement (e.g., no .exe payloads), and secondarily for URI munging.

> I also wonder if you're doing any rejects at SMTP level.

Yes, I've implemented enhdnsbl in sendmail, querying SpamCop, Barracuda, and SpamHaus Zen (in that order). I know Barracuda is often overzealous but we haven't seen any FP rejections (that we know of) yet. Are there any other RBLs you suggest I add to sendmail's checks? (I used to use NJABL but that's dead, and last time I asked on this list, I was told SORBS wasn't a good idea due to too many FP rejections.) I also have greetpause enabled (at 1 sec) to reject trigger-happy spammers.

Cheers.

--- Amir