
Re: Mail Server Architecture



> After mulling over the idea of having a virus/spam filter on an MTA, I
> believe that the best solution is to use an enterprise anti-virus
> program like Norton Anti-Virus and an email client that supports
> Bayesian spam filtering.  The setup should be where the anti-virus
> server downloads the latest updates and sends them to each Windows
> workstation to update their Norton Anti-Virus client. Why?
>

<snip>

> That's just my thoughts; I'm interested in any constructive criticisms
>

I'm not going to restate some of the arguments others have already made;
rather, I'll enlighten you on how my users work.

If you don't control the workstation where your users read their email, you
can't assume that anti-virus is installed. We provide IMAP-SSL access for
our users, allowing them to read their email on their laptop or at home. I
don't trust them enough to believe that they have anti-virus installed,
let alone an updated anti-virus. Many of these home anti-virus
installations are also configured to bounce virus-infected emails; I
figure it's better that my mail server just handle it correctly and drop
the email. If we delete the virus on the mail server, we also limit the
amount of space we use to store viruses... Not really a big problem, but
still. In terms of CPU load, ClamAV isn't really that heavy; it might be
on systems with more users than mine.

Spam, now this is a funny problem. Originally we simply tagged spam using
SpamAssassin, being very careful to only place the tag in the header. This
was done in case a message was wrongly tagged and a user needed to reply.
I believed that there was a possibility that someone would hit reply and
include all the SpamAssassin crud. That would in my opinion look bad in
the eyes of the recipient. Only two of our users had the skills to
configure their email client to filter out spam into a separate folder.
Consider if they had to use a Bayesian spam filter; I don't think that
would work at all. At this point, much against my wishes, we discard
any email tagged with a spam-level higher than 8. Why? Because that's
strangely enough how the users like it; no amount of reasoning and
explaining seems to change that.

I like our idea, but you have to be rather lucky if you have users that
can and will accept it.


-- 
Simon
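
The policy described in the message above (tag in the header only, discard anything with a spam level higher than 8), sketched as an added example that is not part of the original post or the poster's configuration. It assumes SpamAssassin's usual `X-Spam-Status`, `X-Spam-Level` and `X-Spam-Flag` headers; the function names, return strings and sample message are constructed for illustration.

```python
import re
from email import message_from_string

DISCARD_ABOVE = 8.0  # threshold stated in the post

# X-Spam-Status carries "score=" (older releases wrote "hits=").
_SCORE_RE = re.compile(r"\b(?:score|hits)=(-?\d+(?:\.\d+)?)")


def spam_score(msg):
    """Return the score from the headers, or None if the message is untagged."""
    status = msg.get("X-Spam-Status")
    if status:
        m = _SCORE_RE.search(status)
        if m:
            return float(m.group(1))
    # Fall back to X-Spam-Level: one asterisk per whole point.
    level = msg.get("X-Spam-Level")
    if level is not None and set(level.strip()) <= {"*"}:
        return float(len(level.strip()))
    return None


def disposition(raw):
    """Decide what the server does with one message (hypothetical labels)."""
    msg = message_from_string(raw)
    score = spam_score(msg)
    if score is None:
        return "deliver"         # untagged: never drop mail on missing data
    if score > DISCARD_ABOVE:
        return "discard"         # dropped on the server, not bounced
    if msg.get("X-Spam-Flag", "").strip().upper() == "YES":
        return "deliver-tagged"  # header-only tag: Subject and body untouched
    return "deliver"


# Constructed sample: a message SpamAssassin scored above its own threshold
# but below the discard level, so it is delivered with the tag in the header.
SAMPLE = (
    "From: sender@example.com\n"
    "Subject: quarterly report\n"
    "X-Spam-Flag: YES\n"
    "X-Spam-Status: Yes, score=6.1 required=5.0\n"
    "\n"
    "body text\n"
)

if __name__ == "__main__":
    print(disposition(SAMPLE))
```

Because the tag lives only in headers, a reply to a wrongly tagged message quotes the original Subject and body unchanged.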