Advantages to using Mailscanner for Spam Filtering only !? [WasRe: MailScanner with Trend Micro]

Mon Jun 16 22:18:11 IST 2003

Stephen

>>/
>>I am using SpamAssassin with procmail. I don' t think I need MailScanner
>>since SpamAssassin is executed by procmail for every incoming mail and is
>>currently reading user preferences from a
>>SQL database and now recently switched to Trend.
>>/
>>
> I would disagree on several counts:
>
> 1. MailScanner calling SpamAssassin is much more efficient that
> calling SpamAssassin from procmail
> 2. MailScanner will protect your system and users from many more types
> of attack than SpamAssassin and MicroTrend alone.
> 3. MailScanner can read SQL preferences from and SQL database and look
> for some very nice enhancements in this area soon.
> 4. MailScanner provides an "attachment" feature which spares your
> users the nasty images and verbiage
>
I'd like to elaborate on this discussion by generalizing it to the
question of
"Why should I use Mailscanner if I just want to filter spam site-wide?".

I ask this question first since I am planning to roll out a site-wide
anti-spam solution
for a large university, but the AV is already done at another tier, so
MS's excellent
capabilities to integrate multiple AV products is moot.

Secondly, I've just started a collaborative document in progress at the
Linux Documnentation Project
for an Anti-Spam-Howto where I plan to have a section on site-wide spam
filtering where MS will
have an important place.

As far as I can tell, the site-wide solutions for integrating
Spamassassin(SA) on a largish site are
MS, amavisd-new, and spamd, and possibly a milter solution, though I
dont know how the latter
extends across MTAs.

Some of the advantages of MS, in addition to the ones Stephen mentioned
above, are

1. MTA agnosticism -- in general software that spans platforms and
applications tends to be more robust.
2. A meta-level of control over both the MTA and SA (for things like
white/black lists and its extensible rules syntax).
3. Unified logging, including log analysis tools like the MS-mrtg and
Mailwatch projects, in addition to the possibilities
to support even more sophisticated cluster configurations implied by the
move to SQL backend support.
4. The possibility of on the fly damage control -- even if AV is done at
another tier MS allows the possibility of a second
line of defense, perhaps long before an AV vendor releases a data file
update. (Though recent viruses like polymorphic bugbear-b
complicate everyones lives).
5. A large active community of users, and this excellent mailing list.

Let me know if I have missed anything.

Chris