[TriLUG] Open source spam control & filtering?

Thu Dec 22 14:26:50 EST 2005

BrightMail is probably one of the best commercial solutions currently
available.  Cerient is the place I'd go if I didn't want to implement
the FOSS way myself.  Go Cerient!  Anyway, I looked at many and
BrightMail stood out.  MY biggest obstacle was hardware for the SMTP
Gateway... but I still like the accountability factor.  It's not that
Symantec will blink if I threaten to leave them, but if something
*does* go wrong - CEO's anger gets projected at THEM and not ME!!  :)

David McD

On 22 Dec 2005 13:22:07 -0500, Jon Carnes <jonc at nc.rr.com> wrote:
> MailScanner is *very* easy to install and maintain... And you can even
> buy it - MailScanner has a commercial side that does consulting,
> installation, support, etc. Also some local IT firms install and support
> it. A fairly good IT group that does this is:
>  http://www.cerient.net
>
> BrightMail is *very* good. They are a good example of private folks
> using OpenSource to benefit corporations. One thing they do that is
> "bright" is put out bait email addresses on the web and use those for
> gathering spam. They have some nice real-time (grey-listing type) of
> algorithms that let them get a very high hit ratio on actual spam
>
> Using and tweaking MailScanner, I've gotten spam blocking that
> approaches what BrightMail stops but I've never been able to equal it.
> Where BrightMail will stop 98% of the spam, I'm only stopping 97% - but
> I'm also stopping every virus and spy-ware that tries to pass in via
> email.
>
> MailScanner (run by us internally) is a good idea for my company/ISP. We
> have a couple of skilled IT guys who know Linux very well - and the
> specifics for many Open Source apps. If you are a one IT person shop
> with a boatload of other responsibilities then you will go much farther
> in life if you learn to let others do your work for you! and BrightMail
> does work *very* well.
>
> Jon Carnes
>
> Still, the spammers are very
> On Thu, 2005-12-22 at 12:40, Cristobal Palmer wrote:
> > The "Someone else is accountable" argument doesn't hold water. Are you
> > really going to sue Symantec? Are you going to threaten to drop your
> > account with them? Unless you are a relatively substantial account,
> > they're not going to blink. Presumably you went with them because they
> > were the best solution in the first place, right? How much time do you
> > want to spend on the phone with Symantec support agents? Personally
> > I'd rather be doing the fixing myself (and/or writing to this list or
> > asking in the freenode #trilug channel if I get stuck).
> >
> > I can think of several arguments in favor of a FOSS solution off the
> > bat: (1) Price/Performance, (2) Tweakability, (3) return on
> > investment--the larger the user pool, the better the solution when it
> > comes to FOSS, and all you put in was some time.
> >
> > Going with a FOSS solution has many other benefits which others are
> > better at extolling. Just remember that David's argument presupposes a
> > flawless drop-in solution from the proprietary vendor and slow going
> > with the FOSS setup and maintenance. Those may turn out to be true,
> > but it sounds like you've done just fine with FOSS setup so far, and I
> > bet you'll be less confident in the proprietary vendors when you
> > actually read their disclaimers and warranty forms. Maybe I'm wrong. I
> > hate to see somebody give up before trying. Especially in an area
> > where Open Source projects are doing really well.
> >
> > -CMP
> >
> > On 12/22/05, Chad Thomsen <chad.thomsen at gmail.com> wrote:
> > > You make some excellent point David.  The more I think about it I might go
> > > with a comercial solution.  I am afraid of adding anything else complicated
> > > to the mix here as I am the only network guy here and if I leave I think my
> > > shoes would be hard to fill as I run so many different things between Cisco,
> > > Motorola, AS400, Citrix, Linux (snort)  Windows yadda yadda.  Why add the to
> > > the complexity.  " someone else is responsible/accountable if the product
> > > fails to deliver!!" is the major kicker here for me.  8-)
> > >
> > > I am mainly looking at Symantic Brightmail, Iron Port, Barracuda,
> > > Cypertrust, Trend Micro (since we have there desktop AV solution).
> > >
> > > Thanks!
> > >
> > > Chad
> > >
> > > On 12/22/05, David McDowell <turnpike420 at gmail.com> wrote:
> > > >
> > > > I'm stuck with Exchange as well.  I went with a purchased solution
> > > > from Symantec that includes the Brightmail plugin to their Mail
> > > > Security product for AntiSpam/AntiVirus.  I have to say it works quite
> > > > well.  The amount of spam in our inboxes has gone from 100 a day for
> > > > some people to less than 2 per week - for each employee.  The CEO was
> > > > getting over 300 per day... she now gets about less than 1 every other
> > > > week.  The results are mixed in that sense, but I'd say that's about
> > > > 98% give or take.
> > > >
> > > > Now if you want open source... I'm sure others in the thread will
> > > > suggest the popular postfix + spamassassin + clamAV + postgrey (new
> > > > greylisting stuff).  There have been various discussions on these mail
> > > > gateways over the last couple years on list so you may be able to
> > > > google search using "site:trilug.org" and find some of that
> > > > information.  The greylisting stuff is new.  People are apparently
> > > > raving about it... spamassassin simply isn't cutting it by itself
> > > > anymore it seems.  I know at home I'm getting 30 spams a day right now
> > > > that get through.  It totally sucks.  I have instructions for
> > > > implementing greylisting and will probably do so this weekend.
> > > >
> > > > good luck on your choice!  BTW, another reason I went for a paid
> > > > solution... someone else is responsible/accountable if the product
> > > > fails to deliver!!  :)  Yes I chose the product, but when you pay for
> > > > something (in the CEO's eyes) you have greater accountability for it
> > > > to work properly.  The SPAM issue was too huge here (b/c of their
> > > > previous admins never teaching them anything so they used their email
> > > > addresses EVERYWHERE on the Internet) ... so I had to make sure that
> > > > solution worked (and I didn't have extra hardware for the SMTP Gateway
> > > > either).
> > > >
> > > > David McD
> > > >
> > > >
> > > > On 12/21/05, Chad Thomsen <chad.thomsen at gmail.com> wrote:
> > > > > Am going to put an Exchange server in for email and I have no choice on
> > > > > that.  I do however have a choice in Spam/Virus/HTTP filtering for a
> > > > gateway
> > > > > solution.  Want to filter spam, viruses, spyware and possibley stop
> > > > users
> > > > > from visiting black listed web sites that are against company policy.
> > > > >
> > > > > I am looking at all types of products form Symantec, Barracuda, Iron
> > > > Port,
> > > > > Trend etc etc.  I thought I might even build myself an opensource one.
> > > > > Question for you all is there a good open source solution?
> > > > >
> > > > > I am open to any suggestions.  This is for a corporate environment with
> > > > > about 250 users.
> > > > >
> > > > > Thanks!
> > > > >
> > > > > Chad
> > > > > --
> > > > > TriLUG mailing list        :
> > > > http://www.trilug.org/mailman/listinfo/trilug
> > > > > TriLUG Organizational FAQ  : http://trilug.org/faq/
> > > > > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> > > > >
> > > > --
> > > > TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> > > > TriLUG Organizational FAQ  : http://trilug.org/faq/
> > > > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> > > >
> > > --
> > > TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> > > TriLUG Organizational FAQ  : http://trilug.org/faq/
> > > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> > >
> >
> >
> > --
> >
> > Cristobal M. Palmer
> > UNC-CH SILS Student
> > cristobalpalmer at gmail.com
> > cmpalmer at ils.unc.edu
> > ils.unc.edu/~cmpalmer
> > "Television-free since 2003"
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>