[Mimedefang] Should I try to do MIMEDefang with Mailscanner for backup MX

[John Rudd]

On Jun 20, 2006, at 12:54, David F. Skoll wrote:

> Steve Campbell wrote:
>
>> I would like to install MIMEDefang on both of these boxes, keeping MS
>> and SA, to block those backdoor secondary-MX spammers.
>
> You should use either MIMEDefang or MailScanner, not both.
> MIMEDefang and MailScanner do roughly the same thing (though the way
> they do it and their particular capabilities are different.)
>

Actually, having been using both, I think there are ways in which they 
don't overlap, and trade-offs for each.  I think it's perfectly 
reasonable to use them together, when you recognize where they do and 
don't overlap.


a) MIMEDefang does things like relay checks, sender checks, and 
recipient checks that MailScanner doesn't do.

b) MailScanner does bulk AV and AS checks, instead of one at a time 
checks (which may lead to a net gain in efficiency).


I think it would be perfectly reasonable, if you don't want/need to 
reject viruses during the SMTP transaction, to use each of them for 
those two roles.  Use MD just for filter_relay, filter_sender, and 
filter_recipient.  Then use MailScanner for all of your virus scanners 
and spam assassin.

Though, there's one more wrinkle:

c) MailScanner does Spam Assassin first, and then your AV scanners ... 
so you're passing all of your viruses through Spam Assassin.  There's 
no way around this.  So, if you're concerned about it, you might do AV 
checks in MD to reduce your number of messages going through SA, and SA 
in MS (ooh, acronym soup).  Though, at that point, I don't know if the 
bulk SA checks in MS are a net win over MD or not.

If you're not concerned about item C, then I stick with my suggestion.  
If you are concerned with item C, or if you're wanting to do virus 
rejections during SMTP, then my current opinion is to just go with 
MIMEDefang alone.