[Mimedefang] Should I try to do MIMEDefang with Mailscanner for backup MX

Steve Campbell campbell at cnpapers.com
Tue Jun 20 20:42:33 EDT 2006


Thank you,

I was beginning to think that maybe I had misread what MIMEDefang really did.

Quoting John Rudd <john at rudd.cc>:

> On Jun 20, 2006, at 12:54, David F. Skoll wrote:
> > Steve Campbell wrote:
> >
> >> I would like to install MIMEDefang on both of these boxes, keeping MS
> >> and SA, to block those backdoor secondary-MX spammers.
> >
> > You should use either MIMEDefang or MailScanner, not both.
> > MIMEDefang and MailScanner do roughly the same thing (though the way
> > they do it and their particular capabilities are different.)
> >
> Actually, having been using both, I think there are ways in which they 
> don't overlap, and trade-offs for each.  I think it's perfectly 
> reasonable to use them together, when you recognize where they do and 
> don't overlap.
> a) MIMEDefang does things like relay checks, sender checks, and 
> recipient checks that MailScanner doesn't do.

This is where I want to remove the backup MX senders.

> b) MailScanner does bulk AV and AS checks, instead of one at a time 
> checks (which may lead to a net gain in efficiency).

I would leave the MS/SA functions as they are. They would still do the AV and AS
checks, but probably have less emails to check as MD has deleted the spammers'
attempt around the primary MX. Although both servers are primary and secondary
MX servers, they are deleting at the MTA, so both have less process cycles due
to reduced MS/SA emails to check.

> I think it would be perfectly reasonable, if you don't want/need to 
> reject viruses during the SMTP transaction, to use each of them for 
> those two roles.  Use MD just for filter_relay, filter_sender, and 
> filter_recipient.  Then use MailScanner for all of your virus scanners 
> and spam assassin.
> Though, there's one more wrinkle:
> c) MailScanner does Spam Assassin first, and then your AV scanners ... 
> so you're passing all of your viruses through Spam Assassin.  There's 
> no way around this.  So, if you're concerned about it, you might do AV 
> checks in MD to reduce your number of messages going through SA, and SA 
> in MS (ooh, acronym soup).  Though, at that point, I don't know if the 
> bulk SA checks in MS are a net win over MD or not.

Not a problem that I can see.

> If you're not concerned about item C, then I stick with my suggestion.  
> If you are concerned with item C, or if you're wanting to do virus 
> rejections during SMTP, then my current opinion is to just go with 
> MIMEDefang alone.

So the thread is reopened. Thanks.

The real problem I saw is that I can't find online man pages for
mimedefang-filter, and most stuff I saw dealt with the md_check_smtp_*, or
something like that, for checking if a user is a valid recipient on a server.
Sorry, I'm at home now and don't have my notes in front of me.

One for, one against.

I have just started playing with milters, so I like something that is
configurable, more so than those that are fairly single-purposed.

> _______________________________________________
> NOTE: If there is a disclaimer or other legal boilerplate in the above
> message, it is NULL AND VOID.  You may ignore it.
> Visit http://www.mimedefang.org and http://www.roaringpenguin.com
> MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

This mail sent through IMP: http://horde.org/imp/

More information about the MIMEDefang mailing list