[novalug] Spamassasin on a mail gateway

[Eric Dantan Rzewnicki]

I cc'ed the mailscanner list on this because I wanted Julian to see the
praise and Steve to see the opportunity to present. NovaLUG has been
looking for meeting topics recently.

I also wanted the list to check my facts for me and point out any errors
or omissions. Thanks all, and Julian in particular. :)

-Eric Rz.

On Fri, Sep 03, 2004 at 01:21:13PM -0400, Eric Dantan Rzewnicki wrote:
> On Fri, Sep 03, 2004 at 10:15:09AM -0400, Arshavir Grigorian wrote:
> > Chris Gordon wrote:
> > >In my normal uses of SpamAssasin, I call it via procmail to filter the
> > >mail.  This works great when the MTA running SA is the one doing local
> > >delivery.  The problem I have is I want to be able to filter with SA on
> > >a server running as a mail gateway.
> > >The scenario is that I am building a server to sit receive mail from the
> > >public internet (the host where the various MX records point).  This
> > >server will then forward all mail on to another server that end users
> > >will use to read their mail -- no local delivery.
> > >The question is, how can I have the gateway server run the mail through
> > >SA before forwarding it on?
> > >I'm planning to use sendmail on the gateway server.  The "internal" box
> > >is running that other OS with some proprietary webmail system.  I have
> > >plans to replace it, too, but that is down the road yet.
> > >Thanks,
> > >Chris
> > What you probably need is AMaViS (A Mail Virus Scanner) which is a mail
> > scanner that uses other third-party software to scan your mail for spam
> > and/or viruses. I have AMaViS (amavisd-new) setup on Postfix to use
> > SpamAssassin and Vipul's Razor for detecting spam and ClamAV - for
> > antivirus. All my daemons run in chroot jails.
> >
> > The following links should be useful.
> >
> > http://www.ijs.si/software/amavisd/ - amavisd-new (the new high
> > performance daemon)
> > http://www.oddquad.org/linux/anti-spam.html
> > http://www.amavis.org/howto/
> >
> > If you decide to also run ClamAV in chroot, this howto I wrote might
> > also be useful.
> >
> > https://www.grigorians.org/phpwiki/index.php/ClamAV%20chroot%20setup%20HOWTO
> >
> > Let me know if you run into any snags (most of my experience is with
> > Postfix though).
> >
> > Good luck!
>
> Amavisd is a good solution to your problem. We used it here with
> mcaffee's uvscan for a year before we switched to MailScanner:
>
> http://mailscanner.info
>
> We've been using mailscanner for over a year now and have been
> extremely pleased with it.
>
> The main difference is that amavisd runs as a daemon and talks to your
> MTA (sendmail, postfix, qmail, exim, etc) via an SMTP conversation so it
> can only process messages one at a time. In contrast MailScanner is
> typically intalled to run inbetween 2 instances of the MTA. For
> instance, in our setup we have one postfix instance called postfix.in
> that is configured to accept incoming mail and simply place it in the
> defferred queue. MailScanner picks up the mail from there in batches.
> When it is finished doing its jobs it moves the mail to the incoming
> queue of a second postfix instance which then handles the job of either
> passing off to the local delivery agent or sending it on to some other
> mail host on the internet.
>
> The batch processing is key. Since it is processing in batches it calls
> your viruscanners and SpamAssassin only once for each batch. So, each
> invocation of these external programs handles numerous messages, where
> in an amavisd set up each message requires a new instance of
> spamassassin and a new instance of viruscanner-foo. (of course amavis
> can work with daemonized versions of these, but that, too has overhead)
> In my experience and that of those loyal to MailScanner this approach
> has significant performance benefits.
>
> Additional performance is gained because rather than using spamassassin
> as an external spamd and spamc pair as in a typical procmail called
> spamassassin config, MailScanner uses spamasassin as a perl library. All
> the spamassassin code runs within the MailScanner process. This
> approach is also used for several virusscanners, notably sophos and
> the opensource clamav.
>
> Since MailScanner is picking up email through the file system, if it
> finds that it doesn't need to do anything to a particular message it
> doesn't even need to make a copy of it! It simply makes a hard link in
> the incoming queue of the outgoing MTA and removes the original link.
> Weitse Venema, the author of postfix, takes exception to this approach
> and therefore does not support mailscanner's use with postfix.
> Nonetheless, MailScanner and Postfix work very well together. People in
> the other MTA projects, sendmail, exim, etc, have no problem with
> MailScanner, afaik, and have on occassion worked with Julian, the MS[1]
> author, to resolve issues.
>
> On top of all that, MailScanner is an extremely flexible flexible tool
> for implementing an organization's email policy. The mailing list is
> very active with a great many helpful people, a number of whom do little
> else beside manage very large email systems (i.e. many millions of
> messages per day handled by sizeable server farms dedicated to the
> task). There are also numerous admins on the list using MailScanner as a
> frontend scanner that passes mail off to whatever corporate beast
> handles the delivery and users' pop/imap access (i.e. exchange,
> lotusnotes, whatever). Julian is active on the list as well. Often he
> responds to bug reports or feature requests with new code within several
> days, and occasionally within hours.
>
> If NoVaLUG is interested in a presentation on MailScanner, I bet Steve
> Swaney would be willing to go out to Chantilly. Steve runs Fortress
> Systems, a DC company that sells support for MailScanner and employs
> Julian as CTO:
>
> http://www.fsl.com/
>
> Steve presented MailScanner at DCLUG last summer. We made the switch
> here at RFA soon after that. Contact info is here:
>
> http://www.fsl.com/company/contact.html
>
> If you would like to know anything else about MailScanner, I'm more than
> willing to answer any questions here on the list. You could also check
> the mailscanner list archives. I set out to say more, but have forgotten
> some more points I meant to make. In short, I can't say enough good
> things about this project.
>
> -Eric Rz.
>
> 1. I get particular pleasure out of reclaiming this particular 2-letter
> acronymn. :-D
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).