[Mimedefang] Educated opinions please.

Jelinek, David G. David.Jelinek at cmich.edu
Mon Oct 27 10:57:56 EST 2003 

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I would appreciate opinions and comments on our AntiSpam/AntiVirus
plan. 

Our current config is:

      One machine with MX records for cmich.edu domain runs LSOFT's
LSMTP and routes all cmich.edu mail (except for list mail) to a
machine that does antivirus scanning. 

      The anti virus scan machine sends the mail to a mirapoint box
that routes the mail based on LDAP entries to either a mirapoint
landscape or an exchange landscape. 

       Port 25 in is blocked except to the LSMTP machine. 


Plan:

       Two RedHat boxes for incoming mail running
Sendmail/MimeDefang/Spammassassin. The MX records for cmich.edu would
point to these boxes. So would the MX records for any of our sub
domains (like cps.cmich.edu). Mail addressed only userid at cmich.edu
would be delivered based on LDAP entries (sendmail connection to open
ldap). We would like to set it up so that each user could have their
own white and black lists (for spam only not virus). The default
would be that spam is tagged in the header and delivered, but we
would like each user to have the option to have spam tagged above a
certain level deleted at these servers. The ideal would be to have
these user options in ldap. Virus scan would always be done. For most
viruses the virus would be removed but the message delivered. For
some viruses though we would want to have the message simply deleted.

Mail destined for the sub domains would be scanned for viruses and
treated as above. It would be scanned for spam but there would be no
individual white/black lists or options. The header would just be
inserted.


	Two RedHat boxes for outgoing mail running
Sendmail/MimeDefang/Spamassassin. No outbound SMTP connections would
be allowed except through these machines. Mail would be scanned for
viruses and spam and would be rejected/bounced if either was found
(spam above a certain level of course). To start with we would not be
requiring authentication on the SMTP connections to these machine but
we would plan to require it as soon as we could. 

	The LISTSERV machine would be outside this configuration (at least
to start with). 

Does this sound doable? From looking at the documents for the
software, it looks to us like it should be, but since we are new to
this software we would like some opinions from those who have been
working with it for a while. 

Thanks in advance.

David Jelinek 

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBP51AhB4EA8o3PdHGEQKf7wCgwCCW7vmkh7+WPT8defVGqh4PV3MAoOCV
RhgSy3WDMQ3dz1tU2ViAgFDT
=oIq7
-----END PGP SIGNATURE-----

More information about the MIMEDefang mailing list