MTA preferences for use with MailScanner
Chris
racerx at MAKEWORLD.COM
Thu Jul 29 15:45:34 IST 2004
<x-flowed>
Mariano Absatz wrote:
> On Thu, 29 Jul 2004 14:48:37 +0200, David H. <dh at uptime.at> wrote:
>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: RIPEMD160
>>
>>Mariano Absatz wrote:
>>
>>| I only use ZMailer and wouldn't recommend that to anyone not willing to
>>| spend a LOT of time learning.
>>|
>>| I don't like Sendmail very much, it's a memory hog if you get lots of
>>| simultaneous connections (but it's really fast when you don't).
>>|
>>Could you (maybe off list) tell me how you came to that conclusion? I am
>>curious, because we do lots of high volume sendmail installs and with
>>recent releases we cannot really relate to the issue you describe. I
>>would be very interested in exchanging your experiences and integrating
>>them into my knowledge portfolio :)
>
>
> No... (that is, you shouldn't integrate at least THESE comments in your
> portfolio)... :-)
>
> I thought I had said so and rereading my message I didn't... I used
> Sendmail in pre-history and got away from it in prehistory (passed
> thru smail and got to zmailer eons ago)...
>
> However, at the time, and I think _this_ bit didn't change, sendmail
> binary is just one large monolithic program that does most everything
> an MTA is supposed to do:
> 1) smtp server
> 2) mail routing, including alias expansion, header rewriting and the like
> 3) smtp client
> I don't know about the old protocols (uucp, bitnet, etc)... are they
> still integrated in sendmail binary? I guess so, but I don't know.
>
> Now, when a connection is received on port 25 the sendmail listening
> there forks a (large) child that handles the smtp server part, then,
> unless it's configured otherwise, routes the message and tries to send
> it to its next hop... if it fails to do this last step, it lets... the
> message queued for later retry...
>
> In a MailScanner configuration, sendmail listening on port 25 is
> configured only for receiving the message and queuing it for later
> processing (which will eventually happen AFTER MailScanner does its
> job).
>
> But, nevertheless, the full sendmail binary is spawned for every
> connection received... when you get a couple of hundreds of
> simultaneous connections, this gets kinda out of hand.
>
> Most modern (and not so modern) MTAs (including zmailer, qmail, exim
> and postfix, AFAIK) do have a very small 'smtp server' module that the
> ONLY thing it knows how to do is to play the 'server' part of RFC821
> and has a set of configurations or policies about what to accept and
> what NOT to accept, but it usually doesn't know how to route a
> message, how to expand an alias, how to deliver a local message and,
> much less, how to play the 'client' part of RFC821 or how to handle
> retries...
This is somewhat untrue. I got my tail whacked for asking why
MailScanner does not work well with Postfix.
Yes, yes - I know. There are docs out there that let you do it, but it
seems they are unsupported and not a safe way to use postfix.
Allow me to paste from the Postfix archives:
------------
MailScanner does its work by grabbing files out of the queue, runs its
processing, and drops the resulting file back into another postfix
queue. This is not a documented method to perform content filtering in
postfix.
The problem is that there is no reliable way for a non-postfix program to
determine when it's safe to grab the queue file. So it's never safe for an
external program to grab a queue file when postfix is running.
So MailScanner will randomly grab an incomplete file, resulting in loss of
a random portion of that message, with no warning and no indication that
part of the message was lost. Apparently it *usually* works, but you can't
tell when it doesn't. Software that by design *usually* works is not
acceptable.
Therefore, MailScanner is unreliable with postfix. This does not offer an
opinion about MailScanner with other MTAs, only postfix.
If you want to use MailScanner, don't use postfix. If you want to use
postfix, choose a different content filtering method, there are several
documented filtering methods and many reliable third-party products to
choose from that work properly with postfix.
------------
However, it works for me, so what can I say.
--
Best regards,
Chris
</x-flowed>
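The failure mode described in the pasted Postfix-list text (an external program cannot tell when a queue file is complete) can be reproduced in isolation. The following is an added example, not code from this thread, Postfix or MailScanner: `writer`, `grab`, `run` and the directory names are hypothetical, and the rename-based handoff is shown only as one general way for a writer to publish complete files, not as a description of how either program handles its queue.

```python
import os
import tempfile

# Constructed sample message (not taken from the thread).
MESSAGE = b"Subject: constructed sample\r\n\r\n" + b"body line\r\n" * 200


def writer(path, final_path=None, chunk=512):
    """Hypothetical MTA-side writer; yields after each chunk so a reader can interleave."""
    with open(path, "wb") as fh:
        for off in range(0, len(MESSAGE), chunk):
            fh.write(MESSAGE[off:off + chunk])
            fh.flush()
            yield
    if final_path:
        # Publish only after the last byte is written; rename is atomic
        # on POSIX when both paths are on the same filesystem.
        os.rename(path, final_path)


def grab(directory):
    """Hypothetical external filter: read every file currently in the directory."""
    seen = {}
    for name in os.listdir(directory):
        with open(os.path.join(directory, name), "rb") as fh:
            seen[name] = fh.read()
    return seen


def run(handoff):
    """Scan once mid-write and once after the writer finishes."""
    with tempfile.TemporaryDirectory() as root:
        queue, tmp = os.path.join(root, "queue"), os.path.join(root, "tmp")
        os.mkdir(queue)
        os.mkdir(tmp)
        if handoff:
            w = writer(os.path.join(tmp, "msg1"), os.path.join(queue, "msg1"))
        else:
            w = writer(os.path.join(queue, "msg1"))
        next(w)                 # only the first chunk is on disk
        early = grab(queue)     # the filter scans now
        for _ in w:             # the writer finishes
            pass
        return early, grab(queue)


if __name__ == "__main__":
    for handoff in (False, True):
        early, late = run(handoff)
        print("handoff" if handoff else "in-place",
              {n: len(b) for n, b in early.items()}, "of", len(MESSAGE), "bytes;",
              "complete later:", late.get("msg1") == MESSAGE)
```

With in-place writes the mid-write scan returns a truncated file with no error raised, which is why a content filter reading it would see only part of the message.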