SMTP Time Scanning

Matt Kettler mkettler at EVI-INC.COM
Fri Jul 29 23:38:03 IST 2005



Alex Neuman van der Hans wrote:
>
> No, MailScanner purposefully doesn't touch the SMTP stream, and only
> works with message queues and such. If you want to do SMTP-time
> scanning, and your MTA is sendmail, you can use a milter such as
> clamav-milter for virus scanning and spamassassin-as-a-milter (never
> used it myself so I don't know what it's called). I use clamav-milter to
> reduce the load on the server by dropping mail with viruses before they
> reach sendmail+mailscanner+spamassassin.

milter-spamc and mimedefang are two popular milters.

SMTP-time scanning has some advantages (able to do SMTP layer rejects of spam)
but some disadvantages (doesn't deal as gracefully with "bursts" of inbound mail).

Pretty much every tool out there for scanning has advantages and drawbacks.

As a summary, in general there are 4 places mail scanning can occur, and
scanning at each layer has the following general strengths/weaknesses:

1) smtp-time: (ie: milters, qmail-scanner)
+can reject (properly)
+scanning is done per message not per recipient
-inbound mail rate must be limited by a number of processes, or else system load
will explode. (most do this using spamd which has built-in child limiting)
-usually have very limited per-user flexibility

2) mta-queue layer (mailscanner is the only one I'm aware of):
+inbound mail can be queued quickly without waiting.
+scanning can be done per-message or per recipient (with some MTA queuing options)
+bursts of high volume have little impact on system load
-sustained high volume can cause mail queue to get large (MailScanner does shift
to emergency mode to alleviate this, but that bypasses scanning)
-somewhat limited per-user flexibility (better than with milter, but still one
SA user_prefs)
-can't reject, can only generate post-delivery bounces (bad idea)

3) MDA layer (ie: procmail)
+high degree of per-user flexibility, as passing -u to spamc allows separate
user_prefs
-multi-recipient messages must be re-scanned
-can't reject, can only generate post-delivery bounces

4) MUA layer (ie: called from within kmail)
+complete end-user control of scanning
-isn't site-wide, must be installed on each client machine
-no centralized scanner, thus no central statistics
-messages must be downloaded to client before they can be scanned.
-can't reject
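
A toy model of the burst and sustained-load trade-off between layers 1 and 2 in the summary above, added here as an illustration and not part of the original post. The arrival traces, child limit and scan time are constructed numbers, and deferring a connection when every scanner child is busy is a modelling assumption.

```python
# Added illustration (not from the original post). Toy discrete-time model;
# the traces, child limit and scan time below are constructed numbers.
from collections import deque

def smtp_time(arrivals, children, scan_ticks):
    """Layer 1: scan inside the SMTP session with a fixed pool of children.
    Assumption: a connection that finds no free child is deferred (4xx)."""
    busy, deferred, peak_scans = [], 0, 0
    for n in arrivals:
        busy = [t - 1 for t in busy if t > 1]      # advance or finish scans
        for _ in range(n):
            if len(busy) < children:
                busy.append(scan_ticks)
            else:
                deferred += 1
        peak_scans = max(peak_scans, len(busy))
    return {"deferred": deferred, "peak_scans": peak_scans}

def queue_layer(arrivals, children, scan_ticks):
    """Layer 2: accept everything into the queue at once, scan from it."""
    pending, waiting, busy = deque(arrivals), 0, []
    peak_queue = peak_scans = 0
    while pending or waiting or busy:
        busy = [t - 1 for t in busy if t > 1]
        if pending:
            waiting += pending.popleft()
        while waiting and len(busy) < children:
            busy.append(scan_ticks)
            waiting -= 1
        peak_queue = max(peak_queue, waiting)
        peak_scans = max(peak_scans, len(busy))
    return {"deferred": 0, "peak_queue": peak_queue, "peak_scans": peak_scans}

def scans_needed(recipient_counts, per_recipient):
    """Per-message scanning (layers 1-2) vs per-recipient rescans (layer 3)."""
    return sum(recipient_counts) if per_recipient else len(recipient_counts)

BURST = [1, 1, 8, 1, 1]        # constructed: messages arriving per tick
SUSTAINED = [3] * 10           # constructed: arrivals above scan capacity

if __name__ == "__main__":
    for name, trace in (("burst", BURST), ("sustained", SUSTAINED)):
        print(name, smtp_time(trace, 2, 2), queue_layer(trace, 2, 2))
    print(scans_needed([1, 3, 5], False), scans_needed([1, 3, 5], True))
```

With the child limit set very high, `smtp_time` defers nothing but its peak concurrent scan count follows the burst, which is the load problem the limit exists to prevent.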
