Anti spam solution for Sendmail


I would like to get some recommendations regarding an antispam solution for a sendmail/RHEL4 server running some 15000 users with about 500 virtual domains.
Today I am using some free RBLs to stomp spam, but users are complaining about some legitimate email not being relayed through the server. I have checked these cases and found that they have been stopped by one of the RBLs configured.

What I am looking for is antispam software that I can install on my mail server which contains anti-virus & anti-spam filters which can be controlled by a web interface, for example if one user receives an email which is suspected to be spam he/she gets an email and the user can log into a web interface and check some quarantine.

I am open to any suggestions, for the moment I have a huge amount of spam in some important mailboxes, for example the registry@...

I would also like to get some advice to enhance my sendmail configuration, this is my

VERSIONID(`setup for Red Hat Linux')dnl
dnl define(`confLOG_LEVEL', `9')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtuser.db')dnl
dnl define(`confMAX_DAEMON_CHILDREN', 12)dnl
dnl define(`confCONNECTION_RATE_THROTTLE', 3)dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`enhdnsbl', `', `"Spam blocked see:"$&{client_addr}')dnl
FEATURE(`enhdnsbl', `',`"550 Mail From " $`'&{client_addr}" refused - see"')dnl
FEATURE(`enhdnsbl', `',`"550 Mail From " $`'&{client_addr}" refused - see"')dnl
dnl FEATURE(`enhdnsbl',`',`"554 Mail From " $&{client_addr}" refused see:"')dnl
FEATURE(`enhdnsbl', `',`"550 Mail From " $`'&{client_addr}" refused - see\#why_rejected"')dnl
define(`confCONNECTION_RATE_THROTTLE', `10')
define(`confTO_IDENT', `0')
define(`confMAX_RCPTS_PER_MESSAGE', `30')dnl
define(`MAX_MESSAGE_SIZE', `10000000')dnl
FEATURE(`conncontrol', `nodelay', `terminate')dnl
FEATURE(`ratecontrol', `nodelay', `terminate')dnl
FEATURE(`greet_pause', `2000')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=, Name=MTA')dnl
dnl INPUT_MAIL_FILTER(`clmilter',`S=local:/var/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl
INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:360s;R:360s;E:15m')
define(`confINPUT_MAIL_FILTERS', `mimedefang')dnl
dnl define(`confINPUT_MAIL_FILTERS', `clmilter')
dnl FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`relay_based_on_MX')dnl

I am running pop-before-smtp, the spam problem has not been worse after I started using it. It's about the same as before.

Best Regards, Rickard
icky2000 Commented:
Yeah, we're using Postini. Typically they have been very good (I'm only a customer, no affiliation). Bad timing here, however, as they had a rough day yesterday with some rare slowdowns on their system that caused up to 30 minute delays for mail during the middle of the day. They communicated well during all of this with their customers but it still hurts. I still suspect their uptime is as good as most and as good as it would be if I were running it in-house.

Well, you already have MIMEDefang (or at least the MILTER entry for it), and that's an excellent anti-SPAM tool. Check out the MIMEDefang website, especially the wiki, for configuration tips and filter code. I've found HELO checks to be more effective than blacklists.

I'll have some more info for you when I have a chance to sit down and write it. In the meantime, see if you also have Clam Anti-Virus (ClamAV). It may be used via MIMEDefang, and so would not show up in the sendmail configuration.

Finally, before you go twiddling with your sendmail configuration, take some time to sit down and understand what it currently does, and document it. For some guideposts, see the Practical Modern sendmail Configuration article, especially the sample file in the Resources section.
My first suggestion would be to stop using It is a very aggressive list and often legit servers get placed on it. I had to stop using it because many hotmail, yahoo, and mail servers were getting listed. Instead you could use just their dynamic IP list

You might want to think about something like greylisting. It rejects all incoming mail *the first time* with a tempfail 40x error, forcing the sending server to retry. Nearly all legit servers will retry, while spammers do not. Once the message is resent, the sender (IP and email) is whitelisted and stored for a period of time. I'm in the research stage of implementing that now on my servers.
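
The greylisting decision described in the post above, as an added example that is not part of the original thread and not taken from any particular greylisting milter. The three timing values, the reply strings, and the addresses in `demo()` are assumptions constructed for illustration.

```python
import time

TEMPFAIL = "451 4.7.1 Greylisted, please retry later"
ACCEPT = "250 2.0.0 OK"

class Greylist:
    """Greylist keyed on (client IP, envelope sender), as the post describes."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, ttl=36 * 86400):
        # All three timings (seconds) are assumed values, not from the thread.
        self.min_delay = min_delay        # a retry sooner than this is still refused
        self.retry_window = retry_window  # a retry later than this starts over
        self.ttl = ttl                    # how long a passed pair stays whitelisted
        self.pending = {}                 # key -> time first seen
        self.passed = {}                  # key -> whitelist expiry time

    def check(self, client_ip, mail_from, now=None):
        now = time.time() if now is None else now
        key = (client_ip, mail_from.strip().lower())
        expires = self.passed.get(key)
        if expires is not None:
            if now < expires:
                self.passed[key] = now + self.ttl   # refresh on each use
                return ACCEPT
            del self.passed[key]                    # whitelist entry aged out
        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > self.retry_window:
            self.pending[key] = now                 # first contact: tempfail
            return TEMPFAIL
        if now - first_seen < self.min_delay:
            return TEMPFAIL                         # retried too quickly
        del self.pending[key]                       # valid retry: whitelist it
        self.passed[key] = now + self.ttl
        return ACCEPT

def demo():
    """Replay constructed connections: (seconds, client IP, envelope sender)."""
    events = [
        (0,    "192.0.2.10",   "alice@example.org"),  # first attempt
        (60,   "192.0.2.10",   "alice@example.org"),  # retry inside min_delay
        (900,  "192.0.2.10",   "alice@example.org"),  # proper retry
        (7200, "192.0.2.10",   "alice@example.org"),  # later mail, whitelisted
        (7300, "198.51.100.7", "alice@example.org"),  # same sender, new IP
    ]
    gl = Greylist()
    return [gl.check(ip, sender, now=t)[:3] for t, ip, sender in events]
```

Any client that retries after `min_delay` is accepted, so the check only filters senders that never come back.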

Actually, there's been some chatter recently on the MIMEDefang mailing list, specifically about how SPAMmers are on to greylisting and are starting to retry when TEMPFAILed. I'm not saying that greylisting is a bad idea or that it won't help, but it seems to be less effective than it once was.
I agree with PsiCop about the clmilter line in your mc file (now you are processing mail twice); mimedefang should do all the jobs (antivirus and antispam).
Probably you don't need procmail (comment out...).
Popauth (pop before smtp) doesn't change anything about spam...

DSPAM is a possible solution to the quarantine check.
It has a quarantine folder, so it gives the user the ability to identify the occasional false positive and re-learn them as innocent emails. When your antispam is working well, disable the aggressive RBL so you don't lose mail.

try to add
r_svoren (Author) Commented:
DSPAM looks nice, are you using the software?

I'm using it on some production sites because amavis-new has DSPAM support. Now usually my mail servers are sendmail + clamav + bitdefender + spamassassin + dspam with central quarantine, but I need quarantine per user. Probably in the next month I'll start testing, putting it behind a standard installation.
Production site (not really production, it is my mail server) (MTA, amavis-new, clamav, bitdefender, spamassassin) -> forward all the mail to Test Site (MTA, clamav, bitdefender, DSPAM native), looking at the difference in mail passed, and then switch the test site to be the frontend ... I need to know it very well before I deploy it to my customers.
My idea is also to try amavis with a light spamassassin (tuned not aggressive) with central quarantine (nobody asks me for those mails) and dspam as local delivery agent with user quarantine.
I think DSPAM is an interesting and emerging antispam software.


It is worth thinking a little about the configuration you've asked for. Your plan is to replace every spam message a user receives with a new email that informs them a spam message has been caught. Most users will then log in to the website to look at the message and determine if they want to delete it or not. This takes three times as long as actually deleting the message itself and seems worthless to me. It helps if you can include the sender and subject line on the alert email they get but still, they are receiving the same number of messages before and it is just as big a nuisance for most users. In environments I've been in where management asks for this feature, users have complained and eventually we stop sending the emails and users can just log in to check the web site for caught mail once a week or as often as they wish to or ignore it completely unless something they were expecting didn't get through.

I agree with jar3817 about not using that particular RBL. I encounter a ton of these things built by people who don't have to support business critical installations where you can't get away with blocking all mail from AOL, etc. Most companies would find this disastrous.

There is another spam solution worth looking at and that is offloading the workload to a third party. Fighting spam takes up a lot of your time. Postini provides a very good service that does everything you've mentioned and you don't have to futz with it constantly. Unless you want to, in which case there are plenty of options discussed above.
r_svoren (Author) Commented:
Are you actually using Postini?