Do I need SpamAssassin?

Wed May 7 23:39:30 IST 2003

On Wed, 2003-05-07 at 22:50, Peter Bonivart wrote:

>I would like to keep it simple so what do I need SA for? It's more
>"advanced" but what does it mean to me? Will I get a lot of spam
>without it? Is it worth the added complexity?

In a word I think so [well 3 words then!] Simply using RBL databases
will only block a portion of the spam you recieve, mainly that which
comes from known open-relays, dial-up-netblocks and shady ISPs.  Spam
Assassin is far more sophisticated, It actually looks at the content of
mail, looking for spam-like content and suspicious headers.  It's rule
and score based approach is far better than a simple is/isn't spam
pattern match.  Add to that its self learning Bayes filter which is able
to identify features which differentiate spam from your genuine mail
using statistical analysis.  Then add your pick of Razor2, Pyzor, DCC
(All basically checksum clearing houses which store checksums of known
spam messages which can then be compared to messages you recieve).  This
goes far beyond anything you'll find elsewhere.  SA is also highly
configurable (don't let that put you off - the defaults are Pretty Damn
Good).

> Also, the mail system I want MS in uses Exchange on the inside and
they
> have anti-virus scanners for that database and also on every desktop.

>Is there any point for me to scan mail for viruses at the MTA
(Sendmail)
>level as well? Isn't the virus scan more resource demanding than the
>spam and attachment checks? I'm running Solaris and not all companies
>offer scanners for that platform. Any advice?

Don't rely on desktop protection - its never as reliable as you think it
will be.  Even if exchange is scanning too I'd recommend scanning on
your mail gateway too.  Sure the exchange stuff will help to protect
your internal users from each other, but speaking personally I'd much
prefer that virus infected mails never got as far as Exchange.  If
possible use a different engine on your MailScanner box to give maximum
protection.  If cost is an issue use the cheaper engines, if cost isn't
an issue (and you've got plenty of processor cycles to spare) use
Sophos.  Even if you can't afford anything(!) run ClamAV, its pretty
good for the price (free), although I wouldn't completely rely on it.
The only good argument for not running a virus scanner with MailScanner
is if your server can't cope (and really thats a better argument for
upgrading your server!)

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.