Do I need SpamAssassin?

Peter Bonivart peter at UCGBOOK.COM
Thu May 8 21:06:04 IST 2003

Thanks for all the help!

It's just that I've been lurking on this mail list for a month and the
combination of MS and SA seems to create some problems when one of them
upgrades. I thought I could save myself some trouble but all of you seem
to think SA is the way to go. I will try to read more about it.

So, if I use SA can I turn off MS spam features and only use it for
attachment filtering then? Will I gain any speed by that?

I don't get the scoring system either, why do I need a score? Isn't the
mail supposed to be marked as spam so the client (Outlook in my case)
can decide what to do with it? Does Outlook use the score? I haven't
used it for a while.

Finally, a question about performance. If I have an MTA box in a DMZ
running Bind and Sendmail (sending and receiving mail on the internet)
and the load is really light (we average about 5.000 messages/day) would
a similar box be sufficient for MS, SA and anti-virus scanning to be
placed between the MTA and Exchange? The box I'm referring to is a Sun
Fire V120 with 550 MHz UltraSparc-II and 512 MB RAM. Will I need more
CPU and/or RAM?

/Peter Bonivart

--Unix lovers do it in the Sun

On Thu, 2003-05-08 at 10:54, Quentin Campbell wrote:
> > -----Original Message-----
> > From: Peter Bonivart [mailto:peter at UCGBOOK.COM] 
> > Sent: 07 May 2003 22:51
> > Subject: Do I need SpamAssassin?
> > 
> > 
> > As I understand it MS checks for spam with help from 
> > databases, it also uses blacklists and whitelists. Detected 
> > spam can be marked and delivered or deleted. Am I right so far?
> Yes, but most of the spam we receive at this site is not from RBLd sites so is missed without SA.
> > 
> > I would like to keep it simple so what do I need SA for? It's 
> > more "advanced" but what does it mean to me? Will I get a lot 
> > of spam without it? Is it worth the added complexity?
> It is definitely worth running SA with MS. You will get more spam without it (see comment above).
> You can pretty well install SA out of the box and run it immediately with MS without changes. You only need to set the Low/High spam scores in MS and possibly disable some/all the RBL checks that SA does.
> This site makes heavy use of local SA rules but I suspect we are in a very small minority. Perhaps rather more sites tweak the scores for some standard SA rules.
> > 
> > Also, the mail system I want MS in uses Exchange on the 
> > inside and they have anti-virus scanners for that database 
> > and also on every desktop.
> > 
> > Is there any point for me to scan mail for viruses at the MTA 
> > (Sendmail) level as well? Isn't the virus scan more resource 
> > demanding than the spam and attachment checks? I'm running 
> > Solaris and not all companies offer scanners for that 
> > platform. Any advice?
> One advantage of doing A-V scanning via MailScanner on your Mail Hubs (MTA level) is that you can run each message through multiple A-V products. We currently use Sophos and McAfee with MS. This has the advantage that if one A-V product fails (database update or engine failure for example) or is not updated with a new virus signature quickly enough, there is a good chance the other A-V scanner will pick up the virus.
> Running SA is _very_ resource intensive. Just running Sendmail and MS plus one A-V product will demand more resources but not so significant that you should have to upgrade your platforms.
> We originally ran Sendmail + MS + McAfee (for A-V) on Solaris boxes. Note that Sophos also runs on Solaris.
> Our Ultra-5 boxes could not cope with the additional load of SA so we upgraded all of our Mail Hubs to generously resourced dual-processor Dell boxes and now run Linux rather than Solaris. Our MTA configuration runs Sendmail + MS + Sophos + McAfee + SA and still they are more than 50% idle. We have 18,000 users and handle more than 500,000 incoming messages per week.
> > 
> > Sorry for all the newbie questions but I'm really interested 
> > in using this. I have a chance of replacing a commercial 
> > Windows-based system that costs $20.000 a year in licensing 
> > alone and I really want to show what open source can do but 
> > this is new to me so I need help. Thanks.
> You can choose cheaper A-V products than we run so your only outlay then is the one-off cost of upgrading your MTA to a decently specified Intel box on which to run Linux + Sendmail (or Exim) + MS + SA + one/two A-V products.
> For example a 2.5GHz dual-processor Dell box with 2GB memory and 4 x large capacity SCSI disks will cost you less than £5,000. Go for 4 x SCSI disks with two separate controllers so that you can use software mirroring (RAID1) for resilience; one disk of a mirror set is your system and log disk, the other disk of the mirror set is your spool disk.
> Even better if you can duplicate that configuration and run with two MTAs which become equal precedence MX hosts for your domain. This not only gives you additional site resilience but also means you should never have capacity problems for a very long time to come!
> Quentin
> ---
> PHONE: +44 191 222 8209    Computing Service, University of Newcastle
> FAX:   +44 191 222 8765    Newcastle upon Tyne, United Kingdom, NE1 7RU.
> ------------------------------------------------------------------------
> "Any opinion expressed above is mine. The University can get its own." 
