Set it and forget it?

Stephen Swaney steve.swaney at fsl.com
Mon Nov 26 22:35:17 GMT 2007 

Ugo Bellavance wrote:
> Steve Campbell wrote:
>>
>>
>> Ugo Bellavance wrote:
>>> Steve Campbell wrote:
>>>> I'm curious as to how much time is spent by most of the email 
>>>> admins here using MS. I realize that some of my efforts could be 
>>>> streamlined by upgrading to the latest release, but the people here 
>>>> seem to think that this is a "set it and forget it" type of operation.
>>>
>>> I don't believe that.
>> Gosh, maybe it _is_ me then.
>
> Not sure.  What I meant is similar to what Hugo said.  It does need 
> maintenance, as spam is evolving.  We see a new version of SA almost 
> every 3 months, MS about the same, then razor, DCC, system updates.
>
> More components you have, more effective it is, but more maintenance 
> it requires.
>
> What I meant is that it is not a system that you can install and let 
> hum for a few months w/o touching it.
>
We do make such a system. It's not as flexible as MailScanner and it's 
not open source but it does run for a long time with very minimal 
maintenance and very little cost.

It's our BarricadeMX product with SpamAssassin (using spamd) and ClamAV 
(using clamd) along with Razor, SARE rules and DCC. All of the software, 
The operating system, CentOS 5, and all applications are updated using 
rpms. Many of which we maintain in our own yum repositories.

Since BarricadeMX typically correctly identifies over 90% of the 
incoming mail as spam and rejects it with an NDR, there aren't a lot of 
messages to push through SpamAssassin or ClamAV.

And since there are few options:

 * You can reject at the MTA level with NDR if spam score is greater
   than x.xx
 * You can tag and deliver if spam score is less than x.xx but
   greater than y.yy
 * You can deliver untouched if spam score is less than y.yy and
   Message passes ClamAV
 * You can reject with NDR is message is rejected by ClamAV.
 * You can white / black list with a web interface

And you cannot:

 * Block on filename or file type
 * Disarm dangerous HTML
 * Quarantine anything (not necessary because messages are rejected
   with an NDR or accepted)

Most of the cool things MailScanner can do to protect your email systems 
are not available. This is a basic but simple system.

You do get a very low maintenance, high capacity gateway that does a 
very good job at detecting spam with little white / black listing 
required and a very low false positive ratio.

A single core, single CPU system with 2 GB of memory can actually handle 
over 1,000,000 delivery attempts a day so you can push a LOT of mail 
through relatively inexpensive systems.

We have very inexperienced Systems Administrators using these systems 
because it really is as simple to maintain as running `yum -y update`.

And if you want the best of both worlds and don't mind a bit more work, 
you can run BarricadeMX on most MailScanner systems. This gives you very 
high capacity gateways that really block almost every bit of the junk 
that's out there

Best regards,

Steve

Steve Swaney
www.fsl.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: steve.swaney.vcf
Type: text/x-vcard
Size: 305 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071126/7da712a0/steve.swaney.vcf

More information about the MailScanner mailing list