On 12/03/2011 07:59 PM, Grant wrote:
>>> I haven't set up any antivirus measures on my Gentoo systems so I
>>> think I should. Is clamav run as a scheduled filesystem scanner on
>>> each system and as an email scanner on the mail server all that's
>>> necessary?
>>
>>
>> Nobody (as far as I know?) scans linux filesystems unless there's a legal
>> requirement or the files might wind up on a Windows box.
>
> Very cool. I found out clamscan and avgfree scan the filesystem so I
> thought I should set it up, but if it's not necessary I won't bother.
> All of my mail users are on Gentoo so do I need to bother having
> clamav scan my incoming mail?

Well, they aren't going to get infected with anything, but ClamAV could
still keep the virus message (which is obviously unwanted) out of their
inbox. There are also some third-party signatures[1] for ClamAV that
catch scam/phishing mail.


>>> I'm currently greylisting email to prevent spam from getting through.
>>> It catches a lot, but more and more gets through. I'm not using any
>>> mailfilters now and if I set up a clamav mailfilter I think I may as
>>> well set up a spamassassin mailfilter to take the place of
>>> greylisting. Is this the best guide for clamav and spamassassin:
>>
>>
>> SpamAssassin shouldn't take the place of greylisting; they reject different
>> stuff. Keep the greylisting unless the delays bother you, but use postscreen
>> to do it (see below).
>
> I just did some reading on postscreen but it doesn't sound like a
> greylister. Should I use postscreen in addition to postgrey, or are
> they substitutes for each other?
>

Postscreen isn't a greylist daemon per se, but it has the same effect if
you enable the "deep protocol" tests. Once it gets past the initial
greeting (into the "deep" stages), postscreen can no longer hand off the
session to a real smtpd. So, even if the client passes all of the tests,
postscreen will send it a "4xx try again." That's essentially greylisting.

Postscreen, like Postgrey, keeps a database of good clients, so you
shouldn't lose any functionality there. This is what makes the
aforementioned 4xx strategy work: when the client reconnects, it
bypasses postscreen entirely and goes to a real smtpd.

I would make the switch when you have some free time. Postscreen is part
of postfix, so it removes one dependency from your mail system. It also
adds a couple of nice anti-spam features for free. And, if you ever
decide to implement Amavis, postscreen makes the before-queue setup viable.


>>> http://www.gentoo.org/doc/en/mailfilter-guide.xml
>>>
>>> Could I run into any problems with clamav or spamassassin that might
>>> make me wish I hadn't implemented them?
>>
>>
>> Yeah. The first is false positives. The second, related problem is that
>> you'll have to manage a quarantine unless you stick amavisd-new in front of
>> the postfix queue.
>
> Now that sounds like a hassle. Greylisting leaves me with about 50/50
> spam/legit mail and maybe incorporating postscreen I'll do even
> better. Deleting spam in my inbox might be easier than dealing with
> false positives and managing a quarantine.

You should be able to do a lot better than that with just postscreen and
postfix. If you try to implement postscreen, post your main.cf over on
postfix-users for review. The built-in restrictions combined with a few
RBLs should get you well below 50/50.

Plus, if you still get too much spam, you'll already have postscreen in
place and that will make adding amavisd-new that much easier.


[1] http://www.sanesecurity.com/
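
Added example (not part of the original message): a Python tally over postscreen log lines that measures the greylisting effect described above, i.e. which clients that passed the tests and were deferred (PASS NEW) later reconnected and went to smtpd (PASS OLD). It assumes the "deep protocol" tests are enabled; the log lines are constructed samples and the name summarize is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of postscreen(8) syslog lines; the addresses
# are documentation ranges, not data from a real server.
SAMPLE_LOG = r"""
Dec  3 20:00:01 mx postfix/postscreen[1201]: CONNECT from [192.0.2.10]:41000 to [203.0.113.5]:25
Dec  3 20:00:09 mx postfix/postscreen[1201]: PASS NEW [192.0.2.10]:41000
Dec  3 20:01:30 mx postfix/postscreen[1201]: CONNECT from [198.51.100.7]:5000 to [203.0.113.5]:25
Dec  3 20:01:30 mx postfix/postscreen[1201]: PREGREET 11 after 0.2 from [198.51.100.7]:5000: EHLO spam\r\n
Dec  3 20:02:00 mx postfix/postscreen[1201]: CONNECT from [198.51.100.99]:6000 to [203.0.113.5]:25
Dec  3 20:02:08 mx postfix/postscreen[1201]: PASS NEW [198.51.100.99]:6000
Dec  3 20:06:12 mx postfix/postscreen[1201]: CONNECT from [192.0.2.10]:41022 to [203.0.113.5]:25
Dec  3 20:06:12 mx postfix/postscreen[1201]: PASS OLD [192.0.2.10]:41022
"""

# PASS NEW = passed every test (with deep tests on, the session still ends in a 4xx).
# PASS OLD = client found in the cache, handed straight to smtpd.
# The remaining events are failed tests.
EVENT = re.compile(
    r"postfix/postscreen\[\d+\]: "
    r"(?P<event>PASS NEW|PASS OLD|PREGREET|DNSBL rank|COMMAND PIPELINING|"
    r"NON-SMTP COMMAND|BARE NEWLINE)\b.*?\[(?P<ip>[0-9A-Fa-f.:]+)\]:\d+"
)

def summarize(log_text):
    """Split clients into: deferred and came back, deferred and gone, failed a test."""
    came_back = {}               # ip -> has a PASS OLD followed its PASS NEW?
    failed = defaultdict(set)    # ip -> names of the tests it failed
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, event = m["ip"], m["event"]
        if event == "PASS NEW":
            came_back.setdefault(ip, False)
        elif event == "PASS OLD":
            if ip in came_back:  # ignore clients cached before this log window
                came_back[ip] = True
        else:
            failed[ip].add(event)
    return {
        "returned": sorted(ip for ip, back in came_back.items() if back),
        "never_returned": sorted(ip for ip, back in came_back.items() if not back),
        "failed": {ip: sorted(tests) for ip, tests in failed.items()},
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Clients under "never_returned" are the ones the 4xx got rid of; a legitimate sender stuck there for long is worth a look before it becomes a delivery complaint.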