[BlueOnyx:14662] Re: Frontend Mail Filter

Colin Jack colin at mainline.co.uk
Sat Feb 15 12:11:51 -05 2014


Hi Chuck

If your problem is tons of SPAM coming in, and driving the server crazy trying to handle it - we had that same issue a few years ago.  We eliminated that problem completely with a Linux product from Roaring Penguin.

Roaring Penguin's CanIt SPAM filter works great - easily stopping more than 95% of SPAM with just the greylisting feature.  With SpamAssassin, RBLs, and their own learning network database of SPAM -- our CanIt server stops more than 99% of incoming SPAM.

And just like SpamAssassin - you can set the default action scores.  Our settings are 0-5 are valid mail = deliver.  Scores of 5 to 10 is maybe = hold and tell the user to review.  Above 10, it's SPAM = delete and log.  Above 100 = don't even bother logging.  And of course, it learns as you tell it certain messages are SPAM or HAM -- so you have less and less to review as time goes by.

In our case, we host a lot of domains for customers - so we bought the CanIt Domain Pro package.  We've got about 250 domains on it now, and are even selling that filtering service to outside customers in other parts of the country.  All their e-mail flows through it here for filtering - and valid e-mail is delivered to the end server, whether it's one of our BlueOnyx servers or hosted Exchange out on the Internet.

If you're interested in CanIt - contact me direct.  I can set up a separate realm, domain, and administrator for them - to let you see how adding/deleting/administration is done.  It's actually one of the easiest of the servers I have to manage - rarely having to do anything besides add or delete domains.


And then, to stop the scripts connecting via IP instead of using the MX records -- I put IPTables rules in our BX servers that only accept TCP port 25 connections from our internal networks and from the CanIt server.  That completely eliminated the problem with connections bypassing the CanIt server.  But it does require that every domain on that BX server have their mail going through the CanIt server (otherwise, the IPTables rules are a headache).

Once we got those two pieces in place - the amount of e-mail hitting our servers dropped so much, we were able to just about double the number of domains hosted on each server (without driving the CPU load through the roof).


That sounds interesting – I will take a look.

Colin
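
Added example, not part of the original message or the poster's configuration: one way to express the port 25 restriction described above, where the mail server accepts SMTP only from internal networks and the filtering host. The chain name SMTP-FILTER and the addresses 10.0.0.0/8 and 192.0.2.10 are assumptions chosen for illustration; the script prints the iptables commands for review and does not run them.

```shell
#!/bin/sh
# Added example: print (do not execute) iptables commands that limit inbound
# SMTP to an allowlist. Chain name and sample addresses are assumptions.
CHAIN="SMTP-FILTER"   # hypothetical chain name

# Accept only a dotted-quad IPv4 address with an optional /1../32 prefix.
# /0 is refused because it would allow every source and defeat the allowlist.
valid_source() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([1-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: smtp_allowlist_rules SOURCE...
smtp_allowlist_rules() {
    # An empty allowlist would drop all inbound mail, so refuse it.
    [ "$#" -gt 0 ] || { echo "no sources given" >&2; return 1; }
    # Validate everything first so a typo never yields a partial rule set.
    for src in "$@"; do
        valid_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    # Create the chain, or flush it if it already exists (safe to re-run).
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    for src in "$@"; do
        echo "iptables -A $CHAIN -s $src -j ACCEPT"
    done
    # Anything not allowlisted above is dropped; this rule must come last.
    echo "iptables -A $CHAIN -j DROP"
    # Send inbound port 25 through the chain, adding the jump only once.
    jump="INPUT -p tcp --dport 25 -j $CHAIN"
    echo "iptables -C $jump 2>/dev/null || iptables -I $jump"
}

# Constructed sample: an internal network plus the filter host (placeholder addresses).
smtp_allowlist_rules 10.0.0.0/8 192.0.2.10
```

As the message notes, this only works cleanly when every domain on the server has its mail routed through the filter; a domain whose MX still points at the server directly would lose inbound mail once the DROP rule is active.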
