SMTP mail relay server for SPAM filtering

C. Sullivan plug-discuss@lists.plug.phoenix.az.us
Thu, 20 Jun 2002 21:54:25 +0000 (GMT)


On Thu, 20 Jun 2002, Scott Henderson wrote:

> My company, like many, I'm sure, is wrestling with spam email. 
> Currently we're handling it manually, creating blocks on our
> Exchange server based on IP addresses.  We are not being given
> any budget to solve this problem, but we do have a few spare
> servers sitting around.  I'm thinking this may be an opportunity
> to show the MS-based IT Dept what can be done with some Open
> Source software.  I'd like suggestions on how to set up an SMTP
> mail relay box and anti-spam software.  I have a year or so
> experience with a few Linux distros on my desktop and laptop at
> home, so I'm no wizard, but I can usually find my way around. 
> Is this doable? We average around 6-700 SMTP emails per hour
> during the day, and spike to maybe 1500 on occasion.  I want to
> set the box up inside the DMZ, in front of the Exchange server,
> and just have it relay to and from that box.  What distro?  What
> software?  How to config?  Any HOWTOs on this or other resources? 
> Thanks much! 

The biggest problem when tackling spam filtering is political, not
technical.

One can eliminate almost all spam by simply not allowing HTML-encoded
E-mails; refusing to accept E-Mail from sites that have improper reverse
lookups, are listed in one of the many dial-up lists, and/or are coming
from networks like AOL (but not from one of AOL's well-publicized mail
servers); and by requiring that the To: header contain the target E-Mail
address (i.e. refuse Blind carbon copies).

The problem lies in the fact that with each of these significant changes,
you're going to have a small amount of "collateral damage."  The HTML
E-mail filtering alone may bite you: if colleagues outside your network
use Outlook, you might end up "accidentally" killing off messages intended
for delivery.

How are your users going to handle this situation?  Is the spam problem
bad enough that the vast majority of users are willing to deal with the
infrequent problems of a proper message not getting through? 


After you've fought all the political battles (either in your head or
literally hand-to-hand with your users), you might want to consider the
following:

Vipul's Razor is an excellent tool that filters spam based on a rating
system.  It's a bit "geeky", in that it is designed for unix geeks and
probably isn't the easiest to deal with.  However, I have heard of it
working with Sendmail and Exim in an arrangement not unlike what you
desire (a front-end MTA ahead of Exchange).
http://sourceforge/projects/razor is the SourceForge page.

Exim (my personal favorite MTA) can handle the quantity of messages you're
talking about (especially on a reasonably quick machine), and has the
ability to add MAPS RBL and the like into it.  It also can be configured
as a front-end MTA, however not quite as cleanly as qmail or sendmail.

I've done qmail as a front-end mail router/filter.  It does work well for
that functionality as well.  If you're interested, mail me offlist and
I'll see if I can find recipes for anti-spam for qmail (this was a
responsibility of mine at a former employer).

-Fedl
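
The four refusal rules listed in the message above (HTML-encoded mail, improper reverse lookups, dial-up lists, recipient missing from To:), as an added Python example that is not part of the original post. The function name, reason labels and sample messages are constructed for illustration, and the DNS and dial-up list results are passed in as values rather than looked up.

```python
from email import message_from_string
from email.utils import getaddresses

def refusal_reasons(raw, rcpt, client_ip, ptr_forward_ips, on_dialup_list):
    """Apply the four refusal rules from the post; an empty list means accept.

    ptr_forward_ips: addresses the client's PTR name resolves back to
    (empty when there is no PTR record). DNS and list lookups are passed in
    as plain values (an assumption of this example) so it runs offline.
    """
    msg = message_from_string(raw)
    reasons = []
    # Rule 1: any text/html part, including the HTML half of multipart/alternative.
    if any(p.get_content_type() == "text/html" for p in msg.walk()):
        reasons.append("html-encoded")
    # Rule 2: the PTR name must exist and resolve back to the connecting IP.
    if client_ip not in ptr_forward_ips:
        reasons.append("improper-reverse-lookup")
    # Rule 3: the connecting IP appears on a dial-up list.
    if on_dialup_list:
        reasons.append("dial-up-listed")
    # Rule 4: the envelope recipient must appear in To: (a Bcc delivery does not).
    to_addrs = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    if rcpt.lower() not in to_addrs:
        reasons.append("recipient-not-in-to")
    return reasons

# Constructed sample messages (example.* domains, documentation IP ranges).
SPAM = ("From: deals@example.net\nTo: customers@example.net\n"
        "Subject: Offer\nContent-Type: text/html\n\n<b>Act now</b>\n")
PLAIN = ("From: vendor@example.org\nTo: Scott <scott@example.com>\n"
         "Subject: Invoice\n\nInvoice attached.\n")
OUTLOOK = ("From: partner@example.org\nTo: scott@example.com\n"
           "Subject: Draft\nMIME-Version: 1.0\n"
           'Content-Type: multipart/alternative; boundary="b1"\n\n'
           "--b1\nContent-Type: text/plain\n\nDraft attached.\n"
           "--b1\nContent-Type: text/html\n\n<p>Draft attached.</p>\n--b1--\n")

if __name__ == "__main__":
    cases = [("spam", SPAM, "203.0.113.7", [], True),
             ("plain", PLAIN, "192.0.2.10", ["192.0.2.10"], False),
             ("outlook", OUTLOOK, "192.0.2.20", ["192.0.2.20"], False)]
    for name, raw, ip, fwd, dialup in cases:
        print(name, refusal_reasons(raw, "scott@example.com", ip, fwd, dialup))
```

The third sample is the collateral damage the message describes: a legitimate message carrying an HTML alternative part passes every other rule and is still refused on the HTML rule alone.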