Do I need SpamAssassin?

Quentin Campbell Q.G.Campbell at NEWCASTLE.AC.UK
Thu May 8 09:54:40 IST 2003 

> -----Original Message-----
> From: Peter Bonivart [mailto:peter at UCGBOOK.COM] 
> Sent: 07 May 2003 22:51
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Do I need SpamAssassin?
> 
> 
> As I understand it MS checks for spam with help from 
> databases, it also uses blacklists and whitelists. Detected 
> spam can be marked and delivered or deleted. Am I right so far?

Yes, but most of the spam we receive at this site is not from RBLd sites so is missed without SA.

> 
> I would like to keep it simple so what do I need SA for? It's 
> more "advanced" but what does it mean to me? Will I get a lot 
> of spam without it? Is it worth the added complexity?

It is definitely worth running SA with MS. You will get more spam without it (see comment above).

You can pretty well install SA out of the box and run it immediately with MS without changes. You only need to set the Low/High spam socres in MS and possibly disable some/all the RBL checks that SA does.

This site makes heavy use of local SA rules but I suspect we are in a very small minority. Perhaps rather more sites tweak the scores for some standard SA rules.
 
> 
> Also, the mail system I want MS in uses Exchange on the 
> inside and they have anti-virus scanners for that database 
> and also on every desktop.
> 
> Is there any point for me to scan mail for viruses at the MTA 
> (Sendmail) level as well? Isn't the virus scan more resource 
> demanding than the spam and attachment checks? I'm running 
> Solaris and not all companies offer scanners for that 
> platform. Any advice?

One advantage of doing A-V scanning via MailScanner on your Mail Hubs (MTA level) is that you can run each message through multiple A-V products. We currently use Sophos and McAfee with MS. This has the advantage that if one A-V product fails (database update or engine failure for example) or is not updated with a new virus signature quickly enough, there is a good chance the other A-V scanner will pick up the virus.

Running SA is _very_ resource intensive. Just running Sendmail and MS plus one A-V product will demand more resources but not so significant that you should have to upgrade your platforms.

We originally ran Sendmail + MS + McAfee (for A-V) on Solaris boxes. Note that Sophos also runs on Solaris.

Our Ultra-5 boxes could not cope with the additional load of SA so we upgraded all of our Mail Hubs to generously resouced dual-processor Dell boxes and now run Linux rather than Solaris. Our MTA configuration runs Sendmail + MS + Sophos + McAfee + SA and still they are more than 50% idle. We have 18,000 users and handle more than 500,000 incoming messages per week.

> 
> Sorry for all the newbie questions but I'm really interested 
> in using this. I have a chance of replacing a commercial 
> Windows-based system that costs $20.000 a year in licensing 
> alone and I really want to show what open source can do but 
> this is new to me so I need help. Thanks.

You can chose cheaper A-V products than we run so your only outlay then is the one-off  cost of upgrading your MTA to a decently specified Intel box on which to run Linux + Sendmail (or Exim) + MS + SA + one/two A-V products.

For example a 2.5GHz dual-processor Dell box with 2GB memory and 4 x large capacity SCSI disks will cost you less than £5,000. Go for 4 x SCSI disks with two separate controllers so that you can use software mirroring (RAID1) for resilience; one disk of a mirror set is your system and log disk, the other disk of the mirror set is your spool disk.

Even better if you can duplicate that configuration and run with two MTA's which become equal precedence MX hosts for your domain. This not only gives you additional site resilience but also means you should never have capacity problems for a very long time to come! 
  
Quentin
---
PHONE: +44 191 222 8209    Computing Service, University of Newcastle
FAX:   +44 191 222 8765    Newcastle upon Tyne, United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."

More information about the MailScanner mailing list