[c-nsp] OT: How do you fight spam in your enterprise? I need help

Andy Dills andy at xecu.net
Thu Dec 20 05:37:09 EST 2007


On Thu, 20 Dec 2007, Ted Mittelstaedt wrote:

> The expensive commercial spamfiltering solutions only make sense
> for mid-tier ISPs, that is, the ISPs that have networks too big
> for a single admin to do everything, but are not large enough to
> be capitalized to the extent that they can hire a programming team
> to just chase spam.  They have enough money to pay a commercial
> firm to do it, but not enough money to hire a warm body and
> put them on staff to do it.

Our solution: FreeBSD boxes running postfix interfacing with amavisd-new, 
which scans the mail with ClamAV (with the additional 3rd party dbs), and 
also with spamassassin (with DCC, RAZOR, FuzzyOCR). L4 switch on the 
front, MySQL and NFS on the back...private DCC as well as DNS mirroring of 
the RBLs. Custom web interface for the customers to enable individual 
management of filter settings and white/black lists. Tools to monitor the 
queue sizes. I would consider this a very commonly used solution; it's not 
like we're doing anything special.

While installing, configuring, and tweaking everything from scratch does 
take every bit of 5 hours, perhaps several days if you aren't familiar 
with the process, implementing additional servers to accommodate the 
increasing load takes us less than 30 minutes, as they are implemented by 
booting the FreeBSD install disk, going into a fixit shell, mounting a 
fileserver, and restoring from a dump (changing a couple of config files). 
Takes about 30 minutes total, most of which is waiting for the restore to 
complete.

I don't think the amount of time required to manage the actual mail 
infrastructure (the abuse mail being a separate issue) scales with volume, 
unless you implement a solution that doesn't scale. 

I would assume most of the companies using a commercial mail product are 
companies without technical talent. 

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---

