[Mimedefang] accept, then scan?

[Andy Lyttle]

> I had this issue as well, but it wasn't SA that was the culprit, it  
> was
> ClamAV.

In my case it's not ClamAV, it's SA.  I'm using clamd, so if  
something is taking too long there, "top" will show clamd taking 99%  
CPU, but the problem I'm having is mimedefang.pl taking 99% CPU.  I  
added some code to print log messages, and confirmed that SA is  
definitely the problem - sometimes it takes only a second or two to  
run, but sometimes it takes 90 seconds or more.

> I solved it in three ways - first, made sure my access file in  
> Sendmail
> explicitly contained the mail addresses we accept mail for by using a
> Perl script to fetch the mail addresses from Exchange (previously,
> everything was scanned and sent to Exchange to be refused there, which
> obviously was bad).

I already have Sendmail rejecting mail to non-existent recipients,  
and some code in MIMEDefang to reject mail based on all kinds of  
other criteria.

> Second, I added a Spamhaus ZEN DNSBL check on the Sendmail level
> directly, which started rejecting thousands upon thousands of spam on
> initial connect; false positives seem to pretty much not happen, no
> complaints at all.

I have gotten false positives with zen.spamhaus.org, but I use sbl- 
xbl.spamhaus.org and a couple other DNSBLs with no problem.

~ Andy