Re: [Devil-Linux-discuss] Sagator as MTA?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi,

Our level of email backscatter has increased 600% in last 6 weeks from =

avg of 6500/day to 35,000/day and is bogging down our mail server.

My first thought was to use my handy dandy DL to solve this. So I'm =

trying to configure a DL box to act as an email filter in front of our =

mail server, so once configured and tested I'll update our MX records ( =

I have 50 domains and 1000 users) to the new DL box.

I've got clamav & spamd configured, but trying to figure out how to get =

sagator to accept the inbound mail on port 25 before relaying the good =

email on to our QMail server.

	Don't do it like that. Sagator was designed to be a Postfix content =
filter. You are propably wasting your time. Instead, have Postfix listening =
port 25, and then forward that mail to Sagator. You get it back to Postfix. =
Then Postfix will use the transport table to forward the good mail to which =
ever IP you want. You can decide domain by domain where Postfix will send =
the good mail.

	The default Sagator conf is rather good. If you want to quarantine mail =
and have lots of spam, adding %d to the quarantine dir to make daily sam =
dir makes sense. Virus feed is so low, that one dir is sufficient.

	You also wnt to check rlimit on sagator.conf. It limit max msg size.

	Sagator source tar ball has a script which adds proper settings to Postfix =
master.cf, if you don't want to do it manually.

	One important note: I once had a spam filter receiving all the feed from =
the net. It failed. 100000+ mails in queues going for filtering. Uh.

	In my experience the Postfix UCE features are excellent. If you add to =
that a list of valid mail addresses, Postfix will not accept mail for =
invalid addresses. These two together reduce the amount of mail to really =
filter with Sagator down to about 1% of the original.

	1 GHz P3 box with 512 MB should alone be ok for 1000 users. I'd have 2-3 =
in parallel for redundancy.

in sagator.conf I tried :

  smtpd(SCANNERS,'64.34.15.2',25),

Where the IP is the IP of the DL box, from an other machine I telnet to =

port 25 and it accepts, but when I do "helo machinename" <cr> I get no =

response and the DL box keeps the connection open until I stop =
sagator.

So I've obviously got something wrong, or do I have to configure postfix =

to accept and hand off to sagator?

Any input would be greatly appreciated.

Mike

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, =
security?
Get stuff done quickly with pre-integrated technology to make your job =
easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache =
Geronimo
http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat=3D12=
1642
_______________________________________________
Devil-linux-discuss mailing list
Dev...@li...
https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss