[novalug] Spamassasin on a mail gateway

Fri Sep 3 18:21:13 IST 2004

On Fri, Sep 03, 2004 at 10:15:09AM -0400, Arshavir Grigorian wrote:
> Chris Gordon wrote:
> >In my normal uses of SpamAssasin, I call it via procmail to filter the
> >mail.  This works great when the MTA running SA is the one doing local
> >delivery.  The problem I have is I want to be able to filter with SA on
> >a server running as a mail gateway.
> >The scenario is that I am building a server to sit receive mail from the
> >public internet (the host where the various MX records point).  This
> >server will then forward all mail on to another server that end users
> >will use to read their mail -- no local delivery.
> >The question is, how can I have the gateway server run the mail through
> >SA before forwarding it on?
> >I'm planning to use sendmail on the gateway server.  The "internal" box
> >is running that other OS with some proprietary webmail system.  I have
> >plans to replace it, too, but that is down the road yet.
> >Thanks,
> >Chris
> What you probably need is AMaViS (A Mail Virus Scanner) which is a mail
> scanner that uses other third-party software to scan your mail for spam
> and/or viruses. I have AMaViS (amavisd-new) setup on Postfix to use
> SpamAssassin and Vipul's Razor for detecting spam and ClamAV - for
> antivirus. All my daemons run in chroot jails.
>
> The following links should be useful.
>
> http://www.ijs.si/software/amavisd/ - amavisd-new (the new high
> performance daemon)
> http://www.oddquad.org/linux/anti-spam.html
> http://www.amavis.org/howto/
>
> If you decide to also run ClamAV in chroot, this howto I wrote might
> also be useful.
>
> https://www.grigorians.org/phpwiki/index.php/ClamAV%20chroot%20setup%20HOWTO
>
> Let me know if you run into any snags (most of my experience is with
> Postfix though).
>
> Good luck!

Amavisd is a good solution to your problem. We used it here with
mcaffee's uvscan for a year before we switched to MailScanner:

http://mailscanner.info

We've been using mailscanner for over a year now and have been
extremely pleased with it.

The main difference is that amavisd runs as a daemon and talks to your
MTA (sendmail, postfix, qmail, exim, etc) via an SMTP conversation so it
can only process messages one at a time. In contrast MailScanner is
typically intalled to run inbetween 2 instances of the MTA. For
instance, in our setup we have one postfix instance called postfix.in
that is configured to accept incoming mail and simply place it in the
defferred queue. MailScanner picks up the mail from there in batches.
When it is finished doing its jobs it moves the mail to the incoming
queue of a second postfix instance which then handles the job of either
passing off to the local delivery agent or sending it on to some other
mail host on the internet.

The batch processing is key. Since it is processing in batches it calls
your viruscanners and SpamAssassin only once for each batch. So, each
invocation of these external programs handles numerous messages, where
in an amavisd set up each message requires a new instance of
spamassassin and a new instance of viruscanner-foo. (of course amavis
can work with daemonized versions of these, but that, too has overhead)
In my experience and that of those loyal to MailScanner this approach
has significant performance benefits.

Additional performance is gained because rather than using spamassassin
as an external spamd and spamc pair as in a typical procmail called
spamassassin config, MailScanner uses spamasassin as a perl library. All
the spamassassin code runs within the MailScanner process. This
approach is also used for several virusscanners, notably sophos and
the opensource clamav.

Since MailScanner is picking up email through the file system, if it
finds that it doesn't need to do anything to a particular message it
doesn't even need to make a copy of it! It simply makes a hard link in
the incoming queue of the outgoing MTA and removes the original link.
Weitse Venema, the author of postfix, takes exception to this approach
and therefore does not support mailscanner's use with postfix.
Nonetheless, MailScanner and Postfix work very well together. People in
the other MTA projects, sendmail, exim, etc, have no problem with
MailScanner, afaik, and have on occassion worked with Julian, the MS[1]
author, to resolve issues.

On top of all that, MailScanner is an extremely flexible flexible tool
for implementing an organization's email policy. The mailing list is
very active with a great many helpful people, a number of whom do little
else beside manage very large email systems (i.e. many millions of
messages per day handled by sizeable server farms dedicated to the
task). There are also numerous admins on the list using MailScanner as a
frontend scanner that passes mail off to whatever corporate beast
handles the delivery and users' pop/imap access (i.e. exchange,
lotusnotes, whatever). Julian is active on the list as well. Often he
responds to bug reports or feature requests with new code within several
days, and occasionally within hours.

If NoVaLUG is interested in a presentation on MailScanner, I bet Steve
Swaney would be willing to go out to Chantilly. Steve runs Fortress
Systems, a DC company that sells support for MailScanner and employs
Julian as CTO:

http://www.fsl.com/

Steve presented MailScanner at DCLUG last summer. We made the switch
here at RFA soon after that. Contact info is here:

http://www.fsl.com/company/contact.html

If you would like to know anything else about MailScanner, I'm more than
willing to answer any questions here on the list. You could also check
the mailscanner list archives. I set out to say more, but have forgotten
some more points I meant to make. In short, I can't say enough good
things about this project.

-Eric Rz.

1. I get particular pleasure out of reclaiming this particular 2-letter
acronymn. :-D

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).