Hi! We have several Debian Etch machines running the famous ISPConfig, using Postfix, policyd-weight, SpamAssassin, saslauth, Courier IMAP+POP3, ... While our system has proved pretty effective with regard to incoming spam mails, I am aware that today infected and otherwise compromised machines are used to send spam. What I'd like to do is check outgoing mail (from our customers and ourselves) and detect spam within it. This would inform our customers/us if something may be wrong with a PC and may also prevent our servers from getting blacklisted (they never were, but you can never be cautious enough). I just wonder how to achieve this.
You could do this by integrating amavisd-new into Postfix: http://www.howtoforge.com/amavisd_postfix_debian_ubuntu
Let me see if I get it right: while in my case SpamAssassin is invoked via procmail whenever a mail is delivered to a local mailbox/-dir, amavisd-new fetches every queued mail, invokes some actions and then reinserts it into the queue? Just curious, but since communication is done over the network, would it be possible to set up a dedicated machine, running amavisd-new, SA and ClamAV, that does nothing more than spam and virus scanning and acts as a kind of workhorse for frontend servers (mixed mail/web servers, e.g. running ISPC)?
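The filter loop discussed in this thread, as an added example that is not part of the original posts: Postfix hands each queued message to amavisd-new over SMTP, and amavisd-new returns it to a second Postfix listener after scanning. The ports 10024 and 10025 and the service name `amavis` are assumptions following amavisd-new's usual conventions, with both daemons on the same host.

```conf
# --- /etc/postfix/main.cf ---
# Pass every message Postfix accepts to amavisd-new over SMTP. This covers
# mail submitted by customers for outbound delivery as well as inbound mail.
# Port 10024 is an assumption (amavisd-new's conventional listening port).
content_filter = amavis:[127.0.0.1]:10024
# Postpone address rewriting until the message returns from the filter.
receive_override_options = no_address_mappings

# --- /etc/postfix/master.cf ---
# SMTP client used to deliver queued mail to amavisd-new; at most two
# parallel deliveries so the scanner is not overloaded.
amavis    unix  -       -       -       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes

# Re-injection listener: amavisd-new sends scanned mail back here.
# Port 10025 is an assumption. content_filter is emptied so the message is
# not filtered a second time, and only localhost is allowed to connect.
127.0.0.1:10025 inet n  -       -       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_bind_address=127.0.0.1
```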