Anti-SPAM SMTP Gateway

Ah joy of joys. One good, and bad, thing about Exchange 2007 is that you need to run a separate installation of an SMTP gateway. It’s good for security and also for lowering the load on the Exchange server. It’s bad because that’s one extra point of failure, and it won’t work straight out of the box.

Up until recently we’ve been running a custom-installed MAIA/Postfix/ClamAV/SpamAssassin server. The problem we’re encountering is the huge database files created by MAIA. Logging of every email is necessary, but we’re growing by 1GB every week. MySQL is a nice server, but even it has limits. One of those limits is reached when the database fills the hard disk, at which point all services stop. Never a fun time.

So as a backup plan, we installed a standard Ubuntu server running a standard Postfix SMTP configuration. The only issue with that is it has no anti-SPAM or greylisting (at least it has the AV installed). So instead of 99% of SPAM being blocked, it’s at 0%. Not fun.

Since I’m not the best at Postfix configuration, I decided to go with a package deal: ESVA (Email Security Virtual Appliance). Yes, it’s a virtual machine. You need to run a VMware Server of sorts (or Workstation) in order to use this software suite. Click here for the website. So far it’s been a breeze to set up: it’s maintained by several people, has a forum board, and a few whitepapers on how to install/administer it. I’ll be fully testing it out on a maiden voyage soon, so look for an update.

***UPDATE***

Here are a few items that I learned during setup:

Stop “SPAM Not Delivered” messages: edit /etc/MailScanner/MailScanner.conf and remove "notify" from the spam actions line.

Webmin stops working after an update or during initial setup. You MUST open Webmin using the admin panel interface link (under Tools).

If you want to edit the message body tags (the “scanned by ESVA” blah blah), go to /etc/MailScanner/reports/en and edit the files you see there (txt and html).

To keep /var low, do the following:
Turn on the script in /etc/cron.daily/clean.quarantine by changing the number 0 to 1.
Set $days_to_keep = 14; in /etc/cron.daily/clean.quarantine.
Set define(QUARANTINE_DAYS_TO_KEEP, 14); in /var/www/html/conf.php.
Set INTERVAL 14 DAY in /usr/local/bin/mailwatch/tools/db_clean.php.

esva-update and esva-configure are your friends.

/etc/hosts is your friend too: you might need to add the IP address and name of your mail server here.

As a final update: I’m getting roughly 500MB worth of mail every day (SPAM and regular). It doesn’t appear to actually delete the SPAM according to the rules I set, but I have set the quarantine retention to 7 days instead of 14. 7 days X 500MB = 3.5GB. Weekends receive a ton less mail, so we’d probably be fine with 14, but I just want to make sure.
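Because the retention value lives in three separate files (the cron script, conf.php and db_clean.php listed above) and the quarantine did not seem to shrink, here is an added shell check of my own, not ESVA's code, that reads the three settings, fails when they disagree, and counts quarantine entries older than the retention period. The quarantine directory /var/spool/MailScanner/quarantine and the function names are assumptions, and the sample tree the script builds is constructed for offline testing.

```shell
#!/bin/sh
# Added example (not ESVA's own code): verify that the three quarantine-retention
# settings named in the post agree, and count quarantine entries older than that
# retention. ROOT is a path prefix so the same check runs against a constructed
# sample tree as well as the live appliance ("" or unset).

# Print the first integer that follows PATTERN ($2) in FILE ($1); empty if absent.
retention_days() {
    sed -n "s/.*$2[^0-9]*\([0-9][0-9]*\).*/\1/p" "$1" 2>/dev/null | head -n 1
}

# Read the setting from each of the three files listed in the post. Succeeds only
# when all three agree, so a drifted value (14 in one file, 7 in another) is caught.
check_retention() {
    root=${1:-}
    cron=$(retention_days "$root/etc/cron.daily/clean.quarantine" 'days_to_keep *=')
    web=$(retention_days "$root/var/www/html/conf.php" 'QUARANTINE_DAYS_TO_KEEP,')
    db=$(retention_days "$root/usr/local/bin/mailwatch/tools/db_clean.php" 'INTERVAL')
    echo "clean.quarantine=$cron conf.php=$web db_clean.php=$db"
    [ -n "$cron" ] && [ "$cron" = "$web" ] && [ "$cron" = "$db" ]
}

# Count top-level quarantine entries older than DAYS ($2). The quarantine path is
# an assumption (MailScanner's usual default); adjust it if the appliance differs.
stale_quarantine() {
    root=${1:-}
    find "$root/var/spool/MailScanner/quarantine" -mindepth 1 -maxdepth 1 \
        -mtime +"$2" 2>/dev/null | wc -l | tr -d ' '
}

# Build a constructed sample tree (made-up one-liners, not the real ESVA files)
# with the given cron/web/db day values and one quarantine entry dated 2009-01-01.
make_samples() {
    root=$1
    mkdir -p "$root/etc/cron.daily" "$root/var/www/html" \
             "$root/usr/local/bin/mailwatch/tools" "$root/var/spool/MailScanner/quarantine/20090101"
    printf '$days_to_keep = %s;\n' "$2" > "$root/etc/cron.daily/clean.quarantine"
    printf 'define(QUARANTINE_DAYS_TO_KEEP, %s);\n' "$3" > "$root/var/www/html/conf.php"
    printf 'WHERE timestamp < NOW() - INTERVAL %s DAY\n' "$4" \
        > "$root/usr/local/bin/mailwatch/tools/db_clean.php"
    touch -t 200901010000 "$root/var/spool/MailScanner/quarantine/20090101"
}

# On the appliance: check_retention && echo "retention settings consistent"
# A non-zero count from: stale_quarantine "" 14   means the cleanup is not running.
```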
