[GTER] Tutorial: Fairly-Secure Anti-SPAM Gateway Using OpenBSD

Klaus Steding-Jessen jessen at nic.br
Fri May 2 17:23:37 -03 2003


Tutorial: Fairly-Secure Anti-SPAM Gateway Using OpenBSD

"This document describes how to setup a spam-blocking email gateway
based on open source and freely available software. This procedure is
designed for a small to medium sized company with a single domain
(multiple domains are possible...just not described here). I will
describe how to setup a new computer that is meant to run on your
network's DMZ in between the Internet and a corporate email server
like Lotus Notes or Microsoft Exchange."

"This entire procedure has been developed with security as a primary
focus. The operating system is OpenBSD (www.openbsd.org), which is a
"Secure by Default" system with an amazing track record for security.

The email MTA is Postfix (www.postfix.org) which also has a good
record for security and is the easier of the 2 main competitors to the
troubled sendmail program.

Amavisd-new (www.ijs.si/software/amavisd) is the main filter which
processes email from postfix and ensures that we don't lose any
mail. Amavisd-new is an huge improvement over the original amavis
which was a simple virus scanner, and I think it is the best way of
implementing SpamAssassin (www.spamassassin.org).  SpamAssassin is the
main anti-spam component which works by comparing messages to a
ruleset and by using a statistical analysis that is custom built based
on your email.

In addition to the SpamAssassin spam detection software, we will be
using 2 online SPAM databases: DCC (www.rhyolite.com/anti-spam/dcc)
and Vipul's Razor (razor.sourceforge.net). These databases work by
comparing hashes of our email messages with hashes of known spam.

As a final security precaution, we will run all network processes in a
restricted-user/chroot environment,so if an attacker were able to
compromise one of the modules, the amount of damage they could do
would be seriously limited."

[continua, em: http://lawmonkey.org/anti-spam.html]

More information about the gter mailing list