[Mimedefang] Re: compare mimedefang to mailscanner
Les Mikesell
les at futuresource.com
Wed Jan 17 18:25:29 EST 2007
John Rudd wrote:
> Accepting a message that your own scanners say contains
> spam/virus/bad-content, and then crafting a bounce message for it
> instead of delivering it, is a bad practice and should never be done.
Dropping valid messages without notifying the sender is an even worse
practice.
"Bad content" is a fairly arbitrary concept. Can you honestly claim
that you are
anywhere near 100% correct in your determination of that? As an
approximation
I bump up the spamassassin scores on certain content to extremely high
values
and have MimeDefang reject with a message like "message screened for
content,
please rephrase". In at least some cases, that has found its way back
to the sender
as intended.
>
> 2) Don't accept it. Reject it. Give an SMTP 4xx or 5xx result, with
> a reason for why you didn't accept it. Let the submitting (SMTP
> client) host figure out what to do with it from there. Most likely
> it's a spam/virus bot, and the problem is resolved.
>
MimeDefang can do this; I don't think Mailscanner can.
>
> You'll notice that neither of these is "bounce it".
>
In a practical sense, it is. If the other end of the SMTP conversation
is an
RFC-conforming server, your 5xx rejection forces it to construct a bounce.
If it is a virus, it will probably drop on the floor.
>> The majority of my inbound mail is to unknown users. When I used a
>> mailer that
>> accepted, then bounced it would fill my outbound queue to the point
>> that normal
>> outbound mail was often delayed. Does mailscanner on a relay
>> machine have a
>> way to check valid users on the destination host before accepting?
>>
>
> That's not mailscanner's job. That's the MTA's job.
>
Which is why the scanner should run as a milter so it can inform the MTA
what to do at the appropriate time.
> 1. The MTA says "yes that's a valid recipient" or "no, that's not a
> valid recipient", and accepts or doesn't accept the message accordingly.
>
I run MimeDefang on a relay machine that has no concept of 'valid
recipients'.
> So, the check you're talking about is done by the MTA in step one. It
> can do this with any number of possibilities (alias file,
> milter-ahead, mimedefang's recipient verification, an LDAP lookup,
> etc.). Mailscanner doesn't do that job for you.
So, in my situation, MimeDefang is a win with it's
md_check_against_smtp_server()
function, along with its ability to reject with a reason in a way that
at least sometimes
does the right thing.
--
Les Mikesell
lesmikesell at gmail.com
More information about the MIMEDefang
mailing list