[Mimedefang] Checking SPAM first before virus
Kelson
kelson at speed.net
Tue Jun 13 12:58:03 EDT 2006
Mathew Thomas wrote:
> Is it a good idea to check the SPAM first before checking the virus?
> Hope this can reduce some load on our gateways. What have I to do check
> the SPAM first on our existing installation without doing any
> recompilation?
Actually, you're probably better off checking for viruses first, then
spam. Spam checks tend to be much more resource-intensive than virus
checks.
One optimization I'd suggest, if you haven't already done it, is to make
sure you're using ClamAV via clamd rather than the clamav executable.
That way MIMEDefang just connects to the daemon instead of having to
load the entire virus database from disk each time.
Some other ideas for lightening your load: If you can find a blacklist
that you trust, you can block some messages in Sendmail, before they
even get to MD/SA/Clam/UV. Check for forged HELO strings in
filter_sender and reject senders who pretend to be your server. Reject
incoming mail claiming to be from your admin accounts in filter_sender.
Since you're running Sendmail 8.13, enable greet_pause, which will
block senders that ignore the SMTP handshake. Sendmail 8.13 also has
some rate control and connection control features that will limit the
number simultaneous connections from a given host.
Basically, anything *simple and reliable* that can drop junk before it
gets to SpamAssassin will improve matters.
Another thing: SA 2.64 and MD 2.44 are both very old. You might look
into upgrading SpamAssassin (which will probably require a newer version
of MIMEDefang), since you're basically checking for 20-year-old spam.
--
Kelson Vibber
SpeedGate Communications <www.speed.net>
More information about the MIMEDefang
mailing list