[Mimedefang] Re: compare mimedefang to mailscanner

Les Mikesell les at futuresource.com
Wed Jan 17 18:25:29 EST 2007 

John Rudd wrote:
> Accepting a message that your own scanners say contains 
> spam/virus/bad-content, and then crafting a bounce message for it 
> instead of delivering it, is a bad practice and should never be done.
Dropping valid messages without notifying the sender is an even worse 
practice.
"Bad content" is a fairly arbitrary concept.  Can you honestly claim 
that you are
anywhere near 100% correct in your determination of that?    As an 
approximation
I bump up the spamassassin  scores on certain content to extremely high 
values
and have MimeDefang reject with a message like "message screened for 
content,
please rephrase".   In at least some cases, that has found its way back 
to the sender
as intended.

>
> 2) Don't accept it.  Reject it.  Give an SMTP 4xx or 5xx result, with 
> a reason for why you didn't accept it.  Let the submitting (SMTP 
> client) host figure out what to do with it from there.  Most likely 
> it's a spam/virus bot, and the problem is resolved.
>

MimeDefang can do this; I don't think Mailscanner can.

>
> You'll notice that neither of these is "bounce it".
>

In a practical sense, it is.  If the other end of the SMTP conversation 
is an
RFC-conforming server, your 5xx rejection forces it to construct a bounce.
If it is a virus, it will probably drop on the floor.
>> The majority of my inbound mail is to unknown users.  When I used a 
>> mailer that
>> accepted, then bounced it would fill my outbound queue to the point 
>> that normal
>> outbound mail was often delayed.   Does mailscanner on a relay 
>> machine have a
>> way to check valid users on the destination host before accepting?
>>
>
> That's not mailscanner's job.  That's the MTA's job.
>

Which is why the scanner should run as a milter so it can inform the MTA
what to do at the appropriate time.

> 1. The MTA says "yes that's a valid recipient" or "no, that's not a 
> valid recipient", and accepts or doesn't accept the message accordingly.
>

I run MimeDefang on a relay machine that has no concept of 'valid 
recipients'. 

> So, the check you're talking about is done by the MTA in step one.  It 
> can do this with any number of possibilities (alias file, 
> milter-ahead, mimedefang's recipient verification, an LDAP lookup, 
> etc.).  Mailscanner doesn't do that job for you.

So, in my situation, MimeDefang is a win with it's 
md_check_against_smtp_server()
function, along with its ability to reject with a reason in a way that 
at least sometimes
does the right thing.

-- 
  Les Mikesell
   lesmikesell at gmail.com

More information about the MIMEDefang mailing list