Why is MS doing spam checks first?

Scott Silva ssilva at SGVWATER.COM
Mon Dec 5 16:21:33 GMT 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Remco Barendse spake the following on 12/2/2005 8:41 PM:
> On Sat, 3 Dec 2005, Kai Schaetzl wrote:
> 
>> Remco Barendse wrote on         Fri, 2 Dec 2005 18:56:41 +0100:
>>
>>> Unfortunately, in my case I also have batched SMTP from my provider.
>>> This
>>> means that any mail that is not deliverable directly to one of the mail
>>> servers, it is queued by my provider.
>>
>>
>> You mean, the mail is delivered from your ISP to you instead of
>> directly? If
>> you have a static IP and connected 24/7 to the net I'd change this.
>> Obviously
>> you are better off if you can just reject all those viruses instead of
>> taking
>> them from your ISP.
> 
> 
> Yes, they are backing up / queuing mail when our mail servers would be
> offline. It's a thing from the past actually, something that was in use
> when there was still dial-up internet and dsl connections were flakey.
> 
>>> Right now one box (an Athlon XP2600 with 1 Gb of ram and max 2
>>> MailScanner
>>> threads) is getting hammered with virii. It's taking up to 10K virus
>>> mails
>>> per day now (normal volume is 100-200 mails per day on that 2nd in
>>> line box).
>>
>>
>> You need more than 2 MailScanner processes for this, go to 5 or more.
>> Your
>> RAM is enough for that unless something else is hogging memory.
>> If you can't get mail to you directly the only choice you have is to
>> avoid
>> processing as much as possible. F.i. if many viruses go to non-existent
>> addresses because of catch-alls remove the catch-alls. Drop sa
>> scanning for
>> the time being. And complain to your upstream ISP.
> 
> 
> I tried, but as soon as I increase the number of MailScanner processes I
> start getting these annoying SpamAss timeouts resulting in spam slipping
> through (which is really infuriating me because it would have been
> killed otherwise). Without SA in between the box handles 5 processes
> easily, it's SA that starts to be difficult. (The box is only handling
> mail, nothing else).
> 
> If all mails get filtered through SA+MS I have only 2-3 spam mails per
> WEEK slipping through (for the whole company!).
> 
> That's why I thought it would be nifty if the scanning order would be
> user settable. I know that I will never get more mail than this but
> virusscanning first could take out the really nasty peaks in traffic we
> are seeing now.
> 
> Remco
> 
You could try clamav-milter if you run sendmail to pre-screen for
viruses, and then let mailscanner handle any that slip through because
of the occasional failure of a single virus scanner.


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list