[Mimedefang] compare mimedefang to mailscanner
John Rudd
john at rudd.cc
Tue Jan 16 11:51:38 EST 2007
Mike Campbell wrote:
> I have been using mimedefang for a couple of years now and just today
> ran across the mailscanner program. On first glance it appears that the
> 2 do about the same thing. Have some of the experts here tried both of
> these and have a comparison as to how they differ? Is it worth my while
> to spend time trying to configure mailscanner?
>
> For what it is worth my mail server currently processes around 500-600
> messages a day on a P3 500 mhz machine with 128 meg of memory.
>
The big differences are:
1) MIMEDefang happens during the SMTP session, so you have the option to
do things like tempfails (SMTP 4xx return code), which allows you to do
Greylisting, or rejections (SMTP 5xx return code). MailScanner needs 2
mail queues (one for pre-scanned mail, one for post-scanned mail), and
does not happen during the SMTP session (so your only options are
deliver, clean, silently delete (bad), send back a bounce report (bad)).
So, MIMEDefang lets you _reject_/refuse-to-accept a virus, a bad
attachment, or a high-scoring spam message. MailScanner does not.
(this also means that MailScanner has a sometimes significant latency
between when it accepts a message, and when that message finally gets to
the local recipient; in large environments this latency can be
noticeable, and cause complaints from your users)
2) MailScanner gets an economy of scale out of doing HUGE volumes of
anti-virus scans in one pass. For example, MailScanner's 2 fastest
virus scanners are the command-line sophos sweep, and the command-line
clamscan (not clamdscan; clamd significantly slows things down for
MailScanner). In contrast, these are very SLOW mechanisms for
MIMEDefang, because MIMEDefang doesn't get that economy of scale (with
MIMEDefang you really DO want to use clamd). For your 500-600 messages
per day, you probably wont really see that economy of scale with
MailScanner.
3) MIMEDefang lets you specify the order of checks. With MailScanner,
you HAVE to do SpamAssassin first, and Virus Scanning last. That means
you're running the very CPU expensive SpamAssassin checks on viruses.
With MIMEDefang, you can set the order just by re-arranging code in your
mimedefang-filter.
4) MIMEDefang also lets you do other kinds of checks: checks on the
relay, checks on the sender, checks on each recipient, all before you do
any other spam/virus checks. This lets you do anything from blocking
suspicious content, to doing the equivalent of "milter-ahead" to verify
that a destination host has the recipient's address (with MailScanner
you have to either use milter-ahead, or keep an up-to-date aliases file,
or something like that).
That said, you CAN use them together. You could use MIMEDefang for fast
checks and during-SMTP-session checks (relay checks, helo checks, sender
checks, recipient checks, attachment filename checks, maybe clamd
anti-virus checks), and then use MailScanner for bulk checks and checks
that would slow down your SMTP sessions (other virus scanners,
SpamAssassin). This reduces the amount of messages you're submitting to
MailScanner (and thus SpamAssassin), and if you do clamd with MIMEDefang
you're not going to be spamscanning most of your virus traffic nor
bad-attachment traffic.
Personally, I stopped using MailScanner at home 2 years ago, and stopped
using MailScanner at work 2 months ago. I greatly prefer MIMEDefang.
But, it does require a bit more CPU (so that you can do all of those
checks on a per-message basis, and during the SMTP session before it
times out). But your traffic levels shouldn't be a big burden to most
machines.
MailScanner is a great package. I just prefer to have the option to
reject content instead of cleaning/marking it and then delivering it.
(and, to be fair, I will probably stop using MIMEDefang at home, in the
not so distant future; I am switching MTA's from Sendmail to CommuniGate
Pro; CGP doesn't use the milter interface, but uses a plugin interface
of a different kind ... so I'm in the process of building up the
infrastructure for those plugins; it's nothing against MIMEDefang -- if
CGP had a means of using milters, I would keep using MIMEDefang with CGP)
More information about the MIMEDefang
mailing list