MailScanner and mailing lists (again?)

Tim Bishop tim-lists at BISHNET.NET
Tue May 20 22:35:50 IST 2003


Apologies if this has been round before - I didn't find anything to
help in the archives. Also forgive me if I've overlooked a feature of
MailScanner - I'm a relatively new (and impressed :-) user.

My problem is the scanning (virus+spam) of mailing list email. As it
stands I'm currently scanning a message as it comes in, then scanning
it again as it goes out. This seems an awful waste of resources -
particularly when the second scan could actually be less accurate than
the first (wrt spam - the message has been altered by the list server).

I'm using Exim if that makes a difference.

To summarise the types of mail I have:

1. Normal incoming mail
2. Incoming mail for a mailing list
3. Outgoing mail from a mailing list
4. Locally generated (and maybe delivered locally) mail

I want to scan 1 & 2, and preferably 4, but not 3.

I've produced this list of solutions, none of which seem ideal... :-(

A.
All mail from the mailing list software (mailman) comes from an address
such as list-bounces at domain.com. So potentially I could use a rule to
not scan mail from this address. The only downside I see to this is that
someone could maliciously set their address to this if they wanted to
bypass the scanning.

B.
The mailing list outgoing mail is sent locally (via SMTP to localhost,
not through the exim command line - although I've now discovered this
makes no difference for IP based rules). I could therefore not scan mail
from 127.0.0.1. The downside to this is that other locally generated
email would not be scanned...

C.
Mailman could be forced to inject mail into the outgoing Exim queue,
thus avoiding MailScanner altogether. However, the Mailman docs seem
to advise against this due to it launching a shell with potentially
unchecked arguments - never a good thing. This might not be that big a
deal... I'd have to think about it and look at how Mailman works.

The last solution seems the nicest, but could potentially cause some
big security issues down the road. Out of the other two, I'd probably
go for B, given that it's less likely to cause problems.

Also, with regard to the "Multiple Headers" option - I want to use
"replace". I think the "append" option is confusing to the end user
and to any scripts trying to parse the headers :-) So this is why I
have a problem with scanning twice and the first time being the one I
actually want.

Any thoughts on this would be most welcome!

Cheers,
Tim.
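
The trade-off between options A and B above, as an added example that is not part of the original post and is not MailScanner or Exim code: a small model that runs the four mail types from the post, plus two constructed forgeries, through each exemption rule and reports where the scan decision differs from the stated goal. The sample addresses, IPs and the combined "A and B" rule are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

LIST_SENDER = "list-bounces@domain.com"  # address form quoted in the post

@dataclass(frozen=True)
class Mail:
    label: str
    envelope_from: str  # chosen by whoever submits the message
    client_ip: str      # taken from the SMTP connection itself
    want_scan: bool     # the poster's goal: scan types 1, 2 and 4, not 3

# Constructed sample messages: the post's four mail types plus two forgeries.
SAMPLES = [
    Mail("1 normal incoming", "alice@example.org", "192.0.2.10", True),
    Mail("2 incoming for list", "bob@example.net", "198.51.100.7", True),
    Mail("3 outgoing from list", LIST_SENDER, "127.0.0.1", False),
    Mail("4 locally generated", "cron@domain.com", "127.0.0.1", True),
    Mail("remote forged list sender", LIST_SENDER, "203.0.113.5", True),
    Mail("local forged list sender", LIST_SENDER, "127.0.0.1", True),
]

def from_list(m: Mail) -> bool:
    return m.envelope_from.strip().lower() == LIST_SENDER

def from_loopback(m: Mail) -> bool:
    return ipaddress.ip_address(m.client_ip).is_loopback

# Each policy returns True when the message would be scanned.
def policy_a(m: Mail) -> bool:        # option A: exempt by sender address
    return not from_list(m)

def policy_b(m: Mail) -> bool:        # option B: exempt by source IP
    return not from_loopback(m)

def policy_a_and_b(m: Mail) -> bool:  # assumption: exempt only if both match
    return not (from_list(m) and from_loopback(m))

def mismatches(policy) -> list[str]:
    """Labels of samples where the scan decision differs from the goal."""
    return [m.label for m in SAMPLES if policy(m) != m.want_scan]

if __name__ == "__main__":
    for name, p in [("A", policy_a), ("B", policy_b), ("A and B", policy_a_and_b)]:
        print(f"{name}: {mismatches(p) or 'matches the goal'}")
```

Requiring both conditions removes the remote forgery from A and the unscanned local mail from B; the one remaining mismatch is a local process that uses the list's sender address, which sender and source IP alone cannot tell apart from real list output.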


