General questions regarding MS, SpamAssassin stuff

[Drew Marshall]

Jason Williams wrote:

> I want to start off with RBL checks. It looks like you can have MS do rbl
> checks. However, I can also setup rbl checks in sendmail. Is there a
> better
> one to use? Would it be better to configure rbl checks in my .mc file and
> build it into sendmail, or should I allow MS to do the RBL checks? Is
> there
> a better performance booster if one is used over the other?
>
I use two of those three options. I block using a couple of fairly
conservative lists (relays.ordb.org and the combined spamhaus.org lists)
and also do some other sender 'sanity' tests (FQN sender etc) then get
SpamAssassin to do the rest using more aggressive lists like Spamcop
etc).Ii work on the basis that it takes a lot to get on the Spamhaus
list and the relays list checks before listing (Can't say fairer than
that) so if a message is rejected from those it's better than 90% likely
to be spam. The other lists just add to the spam score adding more
weight to SpamAssassin's assessment.

> Secondly, i've been able to get MS and ClamAV to gel nicely. Everything
> appears to work nicely. Sending the test eicar virus is immediately
> detected by MS and ClamAV, which is very nice. Right now, im debating on
> whether to add another AV scanner and which one.
>
Many here seem to use F-Prot (including myself) which seems to work
well. Just depends on how much you want to spend. Some products cost
more, some less and l wouldn't want to call which is best. I read that
over the last virus writing spree the CA product was not updated that
fast but during that time most of the commercial products struggled to
keep up :-(

> Moving on, I wanted to ask some questions regarding SpamAssassin, razor
> stuff etc. I'm quite new to SpamAssassin and the razor stuff, but I would
> like to take full advantage of spam checking. I've also ready about
> bayes,
> which appears to be a learning type system that can help build
> SpamAsassins
> spam identification and would like to take advantage of this as well.

You would do worse than look at the rules_du_jour extra rule sets for
SA. Really caught a load of spam for me (And helped bayes learn faster)

>
> Since my MS machine is going to be running as a mail gateway system, what
> are some general, recommended methods for setting up spam
> identification/traps? For instance, if I want to take advantage of bayes,
> it appears that I have to keep a copy of the email in a certain directory
> and then run a command against the emails in the directory. I may be
> posting on the wrong list and if so I apologize.
>
Bayes can self learn so you don't have to manually feed it. Obviously it
can be faster and sometimes make a more accurate database if it's fed.

--
In line with our policy, this message has
been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy