Spam filter project

As we've discussed in the last few Network Managers meetings, spam filtering is being implemented for the network border. The conceptual overview appeared in the IT Bulletin for August.

What follows is some more info for network managers and postmasters.

The core router's load balancing module will direct incoming SMTP traffic to a pair of filter systems. These servers will receive and process messages, then forward them to the recipient server.

Considerations for individual mail installations

We hope to avoid intefering with your normal operations: the idea is to enhance your mail, not detract from it! There are a couple of points we want to ask about; if you think of any more potential problem areas, please contact Ken Sallenger and Steve Wright at postmaster@sc.edu.

1. If you have client SMTP connections from off campus, please let us know right away. This is not the norm, but at least one unit is using authenticated connections to allow their users to submit mail.

   We will consult with you on how to accomodate that.

2. If you are already doing spam control, please think about how our service may affect you.

   Obviously it interferes with anything based on the connecting server address; so let's put our heads together on block lists, in particular.

3. Any other gotcha's?

Configuration overview

• Linux operating system on commodity server hardware.
• SMTP mail transport agent: sendmail.
• Framework for local processing: MailScanner.
• Virus scanning: McAfee ViruScan in file mode.
• Heuristic scanning of mail: Spam Assassin has a flexible configuration to accomodate our needs. It will be add mail header lines containing information for the receipient.
• Block lists of spam sources and relay points:

Most of you have noticed by now that
(a) most software components are open-source
(b) all have commercial support available, if that is desirable.

Rough time line for implementation

Oct 1

Two systems in place.

Oct 3

Net routing of test mail for redundancy, load-balancing. Test DNS zone transfer spamhaus.org.

Oct 4

Configure router NAT, so the systems can receive the mail! Test DNS lookups of Spamhaus zone. Test transfer of DSBL open relay zone.

Oct 5-9

Confirm operation of SMTP with local access list and Spamhaus zone.
Remaining configuration of Mail Scanner, Spam Assasin, McAfee AntiVirus.

TBA

Test universal SMTP routing with no filtering enabled.

Oct 15

Phase 1: Spamhaus block list.
Phase 2: To vet for false positives, may consider using header tagging to identify hits from open-relay lists.

TBA?

Phase 3: Spam Assasin performs heuristic analysis and header tagging.