Antispam solutions

Jim Flowers jflowers at ezo.net
Tue May 17 22:30:25 PDT 2005


Currently we are building our MXGuardian Mail Gateway systems around
MailScanner in the usual Sendmail-->MailScanner-->Sendmail alignment with the
top 5 RBLs and SURBLs running in the front end SM along with a number of SM
specific routines.  This eliminates more than 60% of the messages without
having to process the body.  MS is configured with dcc, razor, and pyzor
through spamassassin and clamAV for anti-virus as well as its own per-domain
and per-user features.  MS dumps another 8% as high scoring spam and tags 3%
to pass on to the users for their handling (all in % of total messages).

Mailwatch runs on top of MailScanner to give us visible control and the
ability to release individual messages from quarantine and train the Bayesian
DB.  Finally, Vispan produces some pretty graphs and lists but also monitors
the biggest spam offenders and feed-forwards the IP to be blocked by the SM
front-end for a blackout period.

We are in the process of adding milter-ahead in the SM front end to query the
destination mailhubs and eliminate handling of the unknown-user messages by
the gateway.

Typically we run up to 30 domains on a system with user counts from a couple
hundred to several thousands.  One system has a domain with right around
10,000 users on a middling FreeBSD server.  Load averages about 0.8 with daily
peaks to 2.0.  About once a month, a false positive has to be released from
the quarantine.  Of course there may be others, unidentified.

Good luck.

--
Jim Flowers <jflowers at ezo.net>
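
The feed-forward step described in the message (repeat spam sources blocked at the Sendmail front end for a blackout period) can be sketched as follows. This is an added example, not part of the original post and not Vispan's own code; the log line format, the threshold of 3 messages and the 6-hour blackout are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a hypothetical one-line-per-message format;
# real MailScanner/MailWatch logs look different.
SAMPLE_LOG = """\
2005-05-17T20:01:10 relay=192.0.2.10 verdict=spam
2005-05-17T20:03:42 relay=192.0.2.10 verdict=spam
2005-05-17T20:04:05 relay=198.51.100.7 verdict=clean
2005-05-17T20:09:30 relay=192.0.2.10 verdict=spam
2005-05-17T09:00:00 relay=203.0.113.5 verdict=spam
2005-05-17T09:00:20 relay=203.0.113.5 verdict=spam
2005-05-17T09:01:00 relay=203.0.113.5 verdict=spam
2005-05-17T21:15:00 relay=198.51.100.7 verdict=spam
"""

LINE = re.compile(r"^(\S+) relay=(\d{1,3}(?:\.\d{1,3}){3}) verdict=(\w+)$")

def active_blocks(log_text, now, threshold=3, blackout=timedelta(hours=6)):
    """Return {ip: expiry} for relays with >= threshold spam messages
    whose blackout (measured from their latest spam) has not ended."""
    count, last_seen = defaultdict(int), {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(3) != "spam":
            continue  # ignore malformed lines and non-spam verdicts
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        count[ip] += 1
        last_seen[ip] = max(ts, last_seen.get(ip, ts))
    return {ip: last_seen[ip] + blackout for ip, n in count.items()
            if n >= threshold and last_seen[ip] + blackout > now}

def access_map(blocks):
    """Render sendmail access-map entries (Connect:<ip> TAB REJECT)."""
    return [f"Connect:{ip}\tREJECT" for ip in sorted(blocks)]

if __name__ == "__main__":
    now = datetime(2005, 5, 17, 22, 30)
    for entry in access_map(active_blocks(SAMPLE_LOG, now)):
        print(entry)
```

Regenerating the list on a schedule and rebuilding the access map from it lets expired entries drop out on their own, so a blocked relay is never left listed past its blackout.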


