Wednesday, October 17, 2007

Systems

So at work I currently maintain 4 spam and virus scanning servers. They run both ClamAV and SpamAssassin. Starting with our mail hub, I'm going to do a couple of posts on what they do, what I use and why. If you have any questions, feel free to email me or post a comment.

The first system is our mail hub. It runs Qmail and hosts mail for clients that check their e-mail via POP and/or IMAP. We use Vpopmail on this system so that we can host many domains. We have a base install of Qmail-Rocks, but with some of our own changes. Currently the SMTP server is running Magic Mail, but I'm wanting to switch over to John Simpson's Qmail Combined Patch Set. It does everything that Magic Mail does, but is still Qmail-Smtpd. I also like the SMTP Auth parts in his patch. This system is a hoss and does a lot of work.

We do the scanning on this system at the very first part of the connection. Using valid user checking in Magic Mail, we are able to drop many of the dictionary-type attacks at the start. So what is a dictionary attack? Well, this is when a spammer, known from here on as an idiot, tries to send an email to a domain using random letters, numbers, and words from a dictionary as recipient names. This can also be taken care of with John Simpson's validrcptto patch.

Once we do this we scan using a custom mailfilter. Not everyone wants spam and virus checking. Yeah, I know that is weird, but we have some travel agencies that sign up for every spam site on the internet. If the user does want it, we link a copy of our custom mailfilter into the domain or home directory and use it to do the scanning. First, using another custom script, it scans the message with ClamAV, and if it finds a virus it moves the message to a virus quarantine. Then the message is run through SpamAssassin. We only mark the subject with spam and then send it either to the user's inbox or to a .Spam folder.
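The scan order described above (virus check, quarantine, spam check, subject tag, inbox or .Spam) can be sketched as a small shell script. This is an added example, not the mailfilter or custom script from this post; the scanner command lines, the `[SPAM]` tag text, the Maildir-style quarantine and the soft-failure handling are assumptions.

```sh
#!/bin/sh
# Added example, not the author's mailfilter. Assumed: scanner commands, the
# "[SPAM]" tag, Maildir paths. Scanners read the message on stdin.
# clamdscan exits 0 clean, 1 virus, 2 error; spamc -c exits 0 ham, 1 spam
# (-x makes spamc report its own failures instead of answering "not spam").
CLAM_CMD=${CLAM_CMD:-"clamdscan --no-summary -"}
SPAM_CMD=${SPAM_CMD:-"spamc -c -x"}
TAG='1,/^$/ s/^[Ss]ubject: */Subject: [SPAM] /'   # header block only, not body

# deliver FILE MAILDIR [SED_EXPR]: write to tmp/, then rename into new/
deliver() {
    seq=$(( ${seq:-0} + 1 ))
    name="$(date +%s).$$.$seq"
    mkdir -p "$2/tmp" "$2/new" || return 111
    sed "${3:-}" "$1" > "$2/tmp/$name" || return 111
    mv "$2/tmp/$name" "$2/new/$name" || return 111
}

# route_message FILE USER_MAILDIR QUARANTINE_MAILDIR
# Sets ROUTE to virus|spam|inbox|deferred. Returns 111 (qmail's soft-failure
# code, so the message is retried) when a scanner cannot give a verdict.
route_message() {
    msg=$1; maildir=$2; quarantine=$3
    $CLAM_CMD < "$msg" >/dev/null 2>&1 && rc=0 || rc=$?
    case $rc in
        0) ;;                                       # clean: go on to spam check
        1) ROUTE=virus; deliver "$msg" "$quarantine"; return $? ;;
        *) ROUTE=deferred; return 111 ;;            # never pass mail unscanned
    esac
    $SPAM_CMD < "$msg" >/dev/null 2>&1 && rc=0 || rc=$?
    case $rc in
        0) ROUTE=inbox; deliver "$msg" "$maildir" ;;
        1) ROUTE=spam;  deliver "$msg" "$maildir/.Spam" "$TAG" ;;
        *) ROUTE=deferred; return 111 ;;
    esac
}

if [ "$#" -eq 3 ]; then route_message "$@"; exit $?; fi
```

The point worth copying is the third branch of each `case`: a scanner that crashes or times out is treated as "no verdict" and the message is deferred, rather than being delivered as if it were clean.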

This server handles about 100,000 emails a day on a slow day. The sad part still is that 90% of it is spam or viruses.

Next time... settings