[TriLUG] Open source spam control & filtering?

Jon Carnes jonc at nc.rr.com
Thu Dec 22 13:22:07 EST 2005 

MailScanner is *very* easy to install and maintain... And you can even
buy it - MailScanner has a commercial side that does consulting,
installation, support, etc. Also some local IT firms install and support
it. A fairly good IT group that does this is:
  http://www.cerient.net

BrightMail is *very* good. They are a good example of private folks
using OpenSource to benefit corporations. One thing they do that is
"bright" is put out bait email addresses on the web and use those for
gathering spam. They have some nice real-time (grey-listing type) of
algorithms that let them get a very high hit ratio on actual spam

Using and tweaking MailScanner, I've gotten spam blocking that
approaches what BrightMail stops but I've never been able to equal it.
Where BrightMail will stop 98% of the spam, I'm only stopping 97% - but
I'm also stopping every virus and spy-ware that tries to pass in via
email.

MailScanner (run by us internally) is a good idea for my company/ISP. We
have a couple of skilled IT guys who know Linux very well - and the
specifics for many Open Source apps. If you are a one IT person shop
with a boatload of other responsibilities then you will go much farther
in life if you learn to let others do your work for you! and BrightMail
does work *very* well.

Jon Carnes

Still, the spammers are very
On Thu, 2005-12-22 at 12:40, Cristobal Palmer wrote:
> The "Someone else is accountable" argument doesn't hold water. Are you
> really going to sue Symantec? Are you going to threaten to drop your
> account with them? Unless you are a relatively substantial account,
> they're not going to blink. Presumably you went with them because they
> were the best solution in the first place, right? How much time do you
> want to spend on the phone with Symantec support agents? Personally
> I'd rather be doing the fixing myself (and/or writing to this list or
> asking in the freenode #trilug channel if I get stuck).
> 
> I can think of several arguments in favor of a FOSS solution off the
> bat: (1) Price/Performance, (2) Tweakability, (3) return on
> investment--the larger the user pool, the better the solution when it
> comes to FOSS, and all you put in was some time.
> 
> Going with a FOSS solution has many other benefits which others are
> better at extolling. Just remember that David's argument presupposes a
> flawless drop-in solution from the proprietary vendor and slow going
> with the FOSS setup and maintenance. Those may turn out to be true,
> but it sounds like you've done just fine with FOSS setup so far, and I
> bet you'll be less confident in the proprietary vendors when you
> actually read their disclaimers and warranty forms. Maybe I'm wrong. I
> hate to see somebody give up before trying. Especially in an area
> where Open Source projects are doing really well.
> 
> -CMP
> 
> On 12/22/05, Chad Thomsen <chad.thomsen at gmail.com> wrote:
> > You make some excellent point David.  The more I think about it I might go
> > with a comercial solution.  I am afraid of adding anything else complicated
> > to the mix here as I am the only network guy here and if I leave I think my
> > shoes would be hard to fill as I run so many different things between Cisco,
> > Motorola, AS400, Citrix, Linux (snort)  Windows yadda yadda.  Why add the to
> > the complexity.  " someone else is responsible/accountable if the product
> > fails to deliver!!" is the major kicker here for me.  8-)
> >
> > I am mainly looking at Symantic Brightmail, Iron Port, Barracuda,
> > Cypertrust, Trend Micro (since we have there desktop AV solution).
> >
> > Thanks!
> >
> > Chad
> >
> > On 12/22/05, David McDowell <turnpike420 at gmail.com> wrote:
> > >
> > > I'm stuck with Exchange as well.  I went with a purchased solution
> > > from Symantec that includes the Brightmail plugin to their Mail
> > > Security product for AntiSpam/AntiVirus.  I have to say it works quite
> > > well.  The amount of spam in our inboxes has gone from 100 a day for
> > > some people to less than 2 per week - for each employee.  The CEO was
> > > getting over 300 per day... she now gets about less than 1 every other
> > > week.  The results are mixed in that sense, but I'd say that's about
> > > 98% give or take.
> > >
> > > Now if you want open source... I'm sure others in the thread will
> > > suggest the popular postfix + spamassassin + clamAV + postgrey (new
> > > greylisting stuff).  There have been various discussions on these mail
> > > gateways over the last couple years on list so you may be able to
> > > google search using "site:trilug.org" and find some of that
> > > information.  The greylisting stuff is new.  People are apparently
> > > raving about it... spamassassin simply isn't cutting it by itself
> > > anymore it seems.  I know at home I'm getting 30 spams a day right now
> > > that get through.  It totally sucks.  I have instructions for
> > > implementing greylisting and will probably do so this weekend.
> > >
> > > good luck on your choice!  BTW, another reason I went for a paid
> > > solution... someone else is responsible/accountable if the product
> > > fails to deliver!!  :)  Yes I chose the product, but when you pay for
> > > something (in the CEO's eyes) you have greater accountability for it
> > > to work properly.  The SPAM issue was too huge here (b/c of their
> > > previous admins never teaching them anything so they used their email
> > > addresses EVERYWHERE on the Internet) ... so I had to make sure that
> > > solution worked (and I didn't have extra hardware for the SMTP Gateway
> > > either).
> > >
> > > David McD
> > >
> > >
> > > On 12/21/05, Chad Thomsen <chad.thomsen at gmail.com> wrote:
> > > > Am going to put an Exchange server in for email and I have no choice on
> > > > that.  I do however have a choice in Spam/Virus/HTTP filtering for a
> > > gateway
> > > > solution.  Want to filter spam, viruses, spyware and possibley stop
> > > users
> > > > from visiting black listed web sites that are against company policy.
> > > >
> > > > I am looking at all types of products form Symantec, Barracuda, Iron
> > > Port,
> > > > Trend etc etc.  I thought I might even build myself an opensource one.
> > > > Question for you all is there a good open source solution?
> > > >
> > > > I am open to any suggestions.  This is for a corporate environment with
> > > > about 250 users.
> > > >
> > > > Thanks!
> > > >
> > > > Chad
> > > > --
> > > > TriLUG mailing list        :
> > > http://www.trilug.org/mailman/listinfo/trilug
> > > > TriLUG Organizational FAQ  : http://trilug.org/faq/
> > > > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> > > >
> > > --
> > > TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> > > TriLUG Organizational FAQ  : http://trilug.org/faq/
> > > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> > >
> > --
> > TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ  : http://trilug.org/faq/
> > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> >
> 
> 
> --
> 
> Cristobal M. Palmer
> UNC-CH SILS Student
> cristobalpalmer at gmail.com
> cmpalmer at ils.unc.edu
> ils.unc.edu/~cmpalmer
> "Television-free since 2003"

More information about the TriLUG mailing list