Postfix and Mailscanner sitting in a tree k-iss-ing

Julian Field mailscanner at ecs.soton.ac.uk
Thu Dec 30 18:00:20 GMT 2004


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Very good summary. You just saved me a whole load of typing and thinking.
I would have to pipe messages out of Postfix, implementing my own entire
robust queueing system, process them and then feed them back into
Postfix by some "sanctioned" method, with another queue to buffer the
MailScanner-->Postfix interface.
Very messy.

Incidentally, something in the same vein has already been done for
Communigate Pro, but I have never looked at that. I suspect (though
without evidence either way) that it is not approx. 100% robust in the
face of a concerted DoS attack. I go to some lengths to try to ensure
that, when under attack, the MTA will give out long before MailScanner does.

Thanks for your well thought-out explanation, Drew!

Drew Marshall wrote:

> paddy wrote:
>
>> Chances are it doesn't sit well with the postfix design, and so Wietse
>> is not willing to support it.  Naturally not supporting it means telling
>> people you don't support it, which entails explaining ... you can see
>> where this is going.
>>
>> Add a dash of historical teething problems.
>>
>> I still eager to be surprised by a description of why it would be
>> _technically_ difficult to implement a solution that could earn the
>> Wietse gold seal of approval.
>>
>>
> Problem is that any such solution would involve extra overhead. For
> example you could use some form of SMTP/ LMTP interface, either the Perl
> module (Like AMAVIS) or even a stripped down version of Exim or Sendmail
> but that means running effectively two SMTP servers, more to go wrong
> and extra overhead. After all if you wanted to use Exim you would full
> stop...
>
> You have to pipe to a program but MS is not built like that and you
> would have to change the whole processing idea (And indeed lose batch
> processing and therefore the benefits of bulk scanning speed) and the
> potential security of allowing the MTA to queue messages in a back log
> should it become over whelmed due to a virus break for example.
>
> You see the problem. MS doesn't fit because it has a unique design which
> was not thought about when Postfix (And indeed any MTA) was thought
> about)
>
>> My guess would be that noone is motivated to do so, and why should
>> they be?
>>
>>
> I don't think it is motivation but simply recognition that square pegs
> don't fit well in round holes, so you have to make a decision that you
> like the peg and live with it's poorer fit (In some people's eyes) or
> you change one element (Hole or peg).
>
> Drew
>
> --
> In line with our policy, this message has
> been scanned for viruses and dangerous
> content by MailScanner, and is believed to be clean.
> www.themarshalls.co.uk/policy
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list