Here are some stats from one day on a single spam server. There was a total of 45,963 emails. Of these only 11,585 where Ham or good emails. With a total of 34,378 Spam emails. Now remember we don’t allow random email’s, these where all for real users. I also received no false positives or emails that where marked spam that should not have been.
Now lets talk about what these spam messages contained.
8,443 of them have an adult subject, with 2573 talking about someone’s penis
4,135 of them have a specific subjects
760 where about drugs
3863 where an We offer something type spams
But with all of these here are some better stats…
I started testing Justin Mason’s auto generated rules. I update mine every morning. I have also re scored them all to 1.5 points from the 4.7 that they default to. This same day, it caught 11,139 of the spam messages.
Tags: email, spam, Work
While last time we talked about the mail hub, this time I’m going to talk about our Spam and Virus pass through server. This server also runs qmail but has no local mailboxes. With qmail we use smtp routes to deliver mail to clients that have their own mail server. This lets us be their front end to the internet and spam and virus scan. It is like a gateway spam and virus filter. Except it is on a larger scale. It will also allows all the clients with exchange servers to take their server down, and we will hold the mail for a time.
Incoming email is handled by magic mail smtpd. With this we are able to maintain a list of valid users and keep from just accepting email for any address. Once this is done it is handed off to qmail-scanner-queue.pl. This runs ClamAV and Spamassassin on the message. We quarantine virus and mark spam in the subject.
Why do we only mark spam? Well because all email must be delivered. While on the previous server we maintain the mailbox and can create a .Spam folder that is not downloaded via pop3 we can’t do that with this server. All our servers are designed to fail open. To always give the client their email. With clients like law firms, financial institutes, and engineers we do not want to stop any email from getting to them.
Some clients are just to big to do this, or they have special circumstances and need a whole server by themselves. I also have several of these and I will in a later post go into detail as to what some of the custom setups.
I know your waiting on the configurations, and that is coming up. So hang in there.
Tags: email, spam, Work
So at work I maintain at the moment 4 Spam and Virus scanning servers. They run both ClamAV and SpamAssassin. Starting with our mail hub, i’m going to do a couple of post on what they do, what I use and why. If you have any questions feel free to email me or post a comment.
The first system is our mail hub, it runs Qmail and host mail for clients that check their E-Mail via Pop and or Imap. We use Vpopmail for this system so that we can host many domains. We have an base install of Qmail-Rocks but with some of our own changes. Currently the SMTP server is running Magic Mail but i’m wanting to switch over to John Simpsons Qmail Combined Patch Set. It does everything that Magic Mail does, but is still Qmail-Smtpd. I also like the SMTP Auth parts in his patch. This system is a hoss and does alot of work.
We do the scanning on this system at the very first part of the connection. Using valid user checking in Magic Mail we are able to drop many of the dictionary type attacks at the start. So what is a dictionary attack. Well this is when an spammer known from here on as a idiot tries to send an email to a domain using random letters, numbers, and words from a dictionary. This can also be taken care of with Jon Simpson’s validrcpto patch. Once we do this we scan using a custom mailfilter. If the user wants spam and virus checking, and not everyone does. Yea I know that is weird but we have some travel agencies that sign up for every spam sight on the internet. We link a copy of our custom mailfilter into the domain or home directory and use it to do the scanning. First using another custom script, it uses clamav to scan the message and if it finds a virus it moves it to a virus quarantine. Then it hits spamassassin and runs against it. We only mark the subject with spam and then send it either to the users inbox or to a .Spam folder.
This server handles about 100,000 emails a day on a slow day. The sad part still is that %90 of it is spam or viruses.
Next time.. settings
Tags: linux, spam, Work
Well I’ve gone and done it. I have registered a domain for my blog. It is now http://www.zerosource.org you can still reach it from the old http://zerosource.blogspot.com. I was registering a domain for my wife and GoDaddy gave me the option to get two for the price of one. I couldn’t pass it up.
Tags: Uncategorized
So this is Copper Leroy, he is a Beagle. We call him our special boy. He’s special because a week after we got him he developed parvo and almost died. He spent a week in ICU at the Vet’s. He loves Ice Cream! Oh and Laptop power cords…
Tags: Family
