| 1 |
On 12/03/2011 07:59 PM, Grant wrote: |
| 2 |
>>> I haven't set up any antivirus measures on my Gentoo systems so I |
| 3 |
>>> think I should. Is clamav run as a scheduled filesystem scanner on |
| 4 |
>>> each system and as an email scanner on the mail server all that's |
| 5 |
>>> necessary? |
| 6 |
>> |
| 7 |
>> |
| 8 |
>> Nobody (as far as I know?) scans linux filesystems unless there's a legal |
| 9 |
>> requirement or the files might wind up on a Windows box. |
| 10 |
> |
| 11 |
> Very cool. I found out clamscan and avgfree scan the filesystem so I |
| 12 |
> thought I should set it up, but if it's not necessary I won't bother. |
| 13 |
> All of my mail users are on Gentoo so do I need to bother having |
| 14 |
> clamav scan my incoming mail? |
| 15 |
|
| 16 |
Well, they aren't going to get infected with anything, but ClamAV could |
| 17 |
still keep the virus message (which is obviously unwanted) out of their |
| 18 |
inbox. There are also some third-party signatures[1] for ClamAV that |
| 19 |
catch scam/phishing mail. |
| 20 |
|
| 21 |
|
| 22 |
>>> I'm currently greylisting email to prevent spam from getting through. |
| 23 |
>>> It catches a lot, but more and more gets through. I'm not using any |
| 24 |
>>> mailfilters now and If I set up a clamav mailfilter I think I may as |
| 25 |
>>> well set up a spamassassin mailfilter to take the place of |
| 26 |
>>> greylisting. Is this the best guide for clamav and spamassassin: |
| 27 |
>> |
| 28 |
>> |
| 29 |
>> SpamAssassin shouldn't take the place of greylisting; they reject different |
| 30 |
>> stuff. Keep the greylisting unless the delays bother you, but use postscreen |
| 31 |
>> to do it (see below). |
| 32 |
> |
| 33 |
> I just did some reading on postscreen but it doesn't sound like a |
| 34 |
> greylister. Should I use postscreen in addition to postgrey, or are |
| 35 |
> they substitutes for each other? |
| 36 |
> |
| 37 |
|
| 38 |
Postscreen isn't a greylist daemon per se, but it has the same effect if |
| 39 |
you enable the "deep protocol" tests. Once it gets past the initial |
| 40 |
greeting (into the "deep" stages), postscreen can no longer hand off the |
| 41 |
session to a real smtpd. So, even if the client passes all of the tests, |
| 42 |
postscreen will send it a "4xx try again." That's essentially greylisting. |
| 43 |
|
| 44 |
Postscreen, like Postgrey, keeps a database of good clients, so you |
| 45 |
shouldn't lose any functionality there. This is what makes the |
| 46 |
aforementioned 4xx strategy work: when the client reconnects, it |
| 47 |
bypasses postscreen entirely and goes to a real smtpd. |
| 48 |
|
| 49 |
I would make the switch when you have some free time. Postscreen is part |
| 50 |
of postfix, so it removes one dependency from your mail system. It also |
| 51 |
adds a couple of nice anti-spam features for free. And, if you ever |
| 52 |
decide to implement Amavis, postscreen makes the before-queue setup viable. |
| 53 |
|
| 54 |
|
| 55 |
>>> http://www.gentoo.org/doc/en/mailfilter-guide.xml |
| 56 |
>>> |
| 57 |
>>> Could I run into any problems with clamav or spamassassin that might |
| 58 |
>>> make we wish I hadn't implemented them? |
| 59 |
>> |
| 60 |
>> |
| 61 |
>> Yeah. The first is false positives. The second, related problem is that |
| 62 |
>> you'll have to manage a quarantine unless you stick amavisd-new in front of |
| 63 |
>> the postfix queue. |
| 64 |
> |
| 65 |
> Now that sounds like a hassle. Greylisting leaves me with about 50/50 |
| 66 |
> spam/legit mail and maybe incorporating postscreen I'll do even |
| 67 |
> better. Deleting spam in my inbox might be easier than dealing with |
| 68 |
> false positives and managing a quarantine. |
| 69 |
|
| 70 |
You should be able to do a lot better than that with just postscreen and |
| 71 |
postfix. If you try to implement postscreen, post your main.cf over on |
| 72 |
postfix-users for review. The built-in restrictions combined with a few |
| 73 |
RBLs should get you well below 50/50. |
| 74 |
|
| 75 |
Plus, if you still get too much spam, you'll already have postscreen in |
| 76 |
place and that will make adding amavisd-new that much easier. |
| 77 |
|
| 78 |
|
| 79 |
[1] http://www.sanesecurity.com/ |
Archives