[novalug] Spamassasin on a mail gateway
Steve Swaney
Steve.Swaney at fsl.com
Fri Sep 3 20:11:47 IST 2004
Eric,
Thanks for the kind words. We're always happy to help out existing or
prospective MailScanner users. It was also a useful and cogent analysis of
the advantages of using MailScanner.
We're about to release the (hopefully) last beta or rc1 of SMGateway. Please
let me know if you're interested in having a look.
Thanks again,
Steve
Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney at fsl.com
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Eric Dantan Rzewnicki
> Sent: Friday, September 03, 2004 1:29 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: [novalug] Spamassasin on a mail gateway
>
> I cc'ed the mailscanner list on this because I wanted Julian to see the
> praise and Steve to see the opportunity to present. NovaLUG has been
> looking for meeting topics recently.
>
> I also wanted the list to check my facts for me and point out any errors
> or omissions. Thanks all, and Julian in particular. :)
>
> -Eric Rz.
>
> On Fri, Sep 03, 2004 at 01:21:13PM -0400, Eric Dantan Rzewnicki wrote:
> > On Fri, Sep 03, 2004 at 10:15:09AM -0400, Arshavir Grigorian wrote:
> > > Chris Gordon wrote:
> > > >In my normal uses of SpamAssasin, I call it via procmail to filter
> the
> > > >mail. This works great when the MTA running SA is the one doing
> local
> > > >delivery. The problem I have is I want to be able to filter with SA
> on
> > > >a server running as a mail gateway.
> > > >The scenario is that I am building a server to sit receive mail from
> the
> > > >public internet (the host where the various MX records point). This
> > > >server will then forward all mail on to another server that end users
> > > >will use to read their mail -- no local delivery.
> > > >The question is, how can I have the gateway server run the mail
> through
> > > >SA before forwarding it on?
> > > >I'm planning to use sendmail on the gateway server. The "internal"
> box
> > > >is running that other OS with some proprietary webmail system. I
> have
> > > >plans to replace it, too, but that is down the road yet.
> > > >Thanks,
> > > >Chris
> > > What you probably need is AMaViS (A Mail Virus Scanner) which is a
> mail
> > > scanner that uses other third-party software to scan your mail for
> spam
> > > and/or viruses. I have AMaViS (amavisd-new) setup on Postfix to use
> > > SpamAssassin and Vipul's Razor for detecting spam and ClamAV - for
> > > antivirus. All my daemons run in chroot jails.
> > >
> > > The following links should be useful.
> > >
> > > http://www.ijs.si/software/amavisd/ - amavisd-new (the new high
> > > performance daemon)
> > > http://www.oddquad.org/linux/anti-spam.html
> > > http://www.amavis.org/howto/
> > >
> > > If you decide to also run ClamAV in chroot, this howto I wrote might
> > > also be useful.
> > >
> > >
> https://www.grigorians.org/phpwiki/index.php/ClamAV%20chroot%20setup%20HOW
> TO
> > >
> > > Let me know if you run into any snags (most of my experience is with
> > > Postfix though).
> > >
> > > Good luck!
> >
> > Amavisd is a good solution to your problem. We used it here with
> > mcaffee's uvscan for a year before we switched to MailScanner:
> >
> > http://mailscanner.info
> >
> > We've been using mailscanner for over a year now and have been
> > extremely pleased with it.
> >
> > The main difference is that amavisd runs as a daemon and talks to your
> > MTA (sendmail, postfix, qmail, exim, etc) via an SMTP conversation so it
> > can only process messages one at a time. In contrast MailScanner is
> > typically intalled to run inbetween 2 instances of the MTA. For
> > instance, in our setup we have one postfix instance called postfix.in
> > that is configured to accept incoming mail and simply place it in the
> > defferred queue. MailScanner picks up the mail from there in batches.
> > When it is finished doing its jobs it moves the mail to the incoming
> > queue of a second postfix instance which then handles the job of either
> > passing off to the local delivery agent or sending it on to some other
> > mail host on the internet.
> >
> > The batch processing is key. Since it is processing in batches it calls
> > your viruscanners and SpamAssassin only once for each batch. So, each
> > invocation of these external programs handles numerous messages, where
> > in an amavisd set up each message requires a new instance of
> > spamassassin and a new instance of viruscanner-foo. (of course amavis
> > can work with daemonized versions of these, but that, too has overhead)
> > In my experience and that of those loyal to MailScanner this approach
> > has significant performance benefits.
> >
> > Additional performance is gained because rather than using spamassassin
> > as an external spamd and spamc pair as in a typical procmail called
> > spamassassin config, MailScanner uses spamasassin as a perl library. All
> > the spamassassin code runs within the MailScanner process. This
> > approach is also used for several virusscanners, notably sophos and
> > the opensource clamav.
> >
> > Since MailScanner is picking up email through the file system, if it
> > finds that it doesn't need to do anything to a particular message it
> > doesn't even need to make a copy of it! It simply makes a hard link in
> > the incoming queue of the outgoing MTA and removes the original link.
> > Weitse Venema, the author of postfix, takes exception to this approach
> > and therefore does not support mailscanner's use with postfix.
> > Nonetheless, MailScanner and Postfix work very well together. People in
> > the other MTA projects, sendmail, exim, etc, have no problem with
> > MailScanner, afaik, and have on occassion worked with Julian, the MS[1]
> > author, to resolve issues.
> >
> > On top of all that, MailScanner is an extremely flexible flexible tool
> > for implementing an organization's email policy. The mailing list is
> > very active with a great many helpful people, a number of whom do little
> > else beside manage very large email systems (i.e. many millions of
> > messages per day handled by sizeable server farms dedicated to the
> > task). There are also numerous admins on the list using MailScanner as a
> > frontend scanner that passes mail off to whatever corporate beast
> > handles the delivery and users' pop/imap access (i.e. exchange,
> > lotusnotes, whatever). Julian is active on the list as well. Often he
> > responds to bug reports or feature requests with new code within several
> > days, and occasionally within hours.
> >
> > If NoVaLUG is interested in a presentation on MailScanner, I bet Steve
> > Swaney would be willing to go out to Chantilly. Steve runs Fortress
> > Systems, a DC company that sells support for MailScanner and employs
> > Julian as CTO:
> >
> > http://www.fsl.com/
> >
> > Steve presented MailScanner at DCLUG last summer. We made the switch
> > here at RFA soon after that. Contact info is here:
> >
> > http://www.fsl.com/company/contact.html
> >
> > If you would like to know anything else about MailScanner, I'm more than
> > willing to answer any questions here on the list. You could also check
> > the mailscanner list archives. I set out to say more, but have forgotten
> > some more points I meant to make. In short, I can't say enough good
> > things about this project.
> >
> > -Eric Rz.
> >
> > 1. I get particular pleasure out of reclaiming this particular 2-letter
> > acronymn. :-D
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Fortress Systems Ltd.
www.fsl.com
More information about the MailScanner
mailing list