Scanning Order

Dennis Willson taz at TAZ-MANIA.COM
Mon Sep 19 21:36:13 IST 2005


Yes, this is very true; at least 75% of incoming eMail is Spam. So reducing the amount of scanning reduces the overall CPU load on 
the server. I use greylisting and that removes about 90% of the Spam before it even enters the system. This actually removes a lot 
of the system load, as 90% of the Spam is not scanned at all. I use Milter-Greylist and I'm very happy with it. If you have multiple 
MX hosts, it will even coordinate the greylist data, so if retries occur on one of your backup MX hosts it has the correct information 
to let it through or not, and if one MX host has already determined to auto-whitelist, they all know.

I highly recommend greylisting. Since implementing it, my MX hosts are very happy and I have not heard anything but compliments from 
any of my users, not a single complaint! I think this is extremely complementary with MailScanner.

Dennis

Julian Field wrote:
> Most of your mail (say 75%) is spam. Relatively, very little of it (say
> 5%) is a virus.
> So if you do spam checks first, then delete all the spam, you don't
> need to do anything further with 75% of your incoming mail. So the
> overhead of all further processing of 75% of your mail never happens.
> That includes all the expensive checks like the phishing net, as well
> as the straight virus scanning.
> 
> On 18 Sep 2005, at 04:16, Chris Russell wrote:
> 
>> Hi All,
>>
>>   This is more than likely a question for Julian but I'll throw it open.
>>
>>   Is there a specific reason MailScanner does MCP/Spam checks before
>> AV?
>>
>>   Ok, Reasoning:
>>
>>     I was looking into our systems this evening, and from our stats,
>> pretty much 100% of our virus infected email is simply deleted. For
>> the most part there's very little reason to actually look at these
>> messages as they are often the result of mass-mailing viruses etc.
>>
>>     With this in mind, would it be more efficient to virus scan the
>> email first? This would cut out spam/MCP scanning for infected
>> messages (dependent on the action), and cut down on the number of
>> messages required to be spam/MCP scanned, which seems to take the
>> longest time/add the most significant load to the process.
>>
>>     I've looked into /usr/sbin/MailScanner and thanks to Julian's
>> coding, it doesn't look too difficult to change (** highly
>> preliminary findings here!), so does anyone have any thoughts on
>> whether AV->MCP/SPAM may be a better approach to take?
>>
>> Cheers,
>>
>> Chris
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>>
> 
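
Added example (not part of the thread and not MailScanner code): a small cost model for the ordering question discussed above, using the 75% spam and 5% virus rates quoted in the thread. The per-message costs are assumed units, and the model assumes a caught message is deleted and that the two checks catch messages independently.

```python
from itertools import permutations

# Drop rates are the figures quoted in the thread; the per-message costs are
# assumed units chosen only for illustration (not MailScanner measurements).
STAGES = {
    "spam": {"cost": 10.0, "drop": 0.75},
    "virus": {"cost": 2.0, "drop": 0.05},
}


def expected_cost(order, stages):
    """Mean cost per incoming message when stages run in `order` and a
    message caught by a stage is deleted before any later stage runs.
    Assumes the stages catch messages independently of one another."""
    total, surviving = 0.0, 1.0
    for name in order:
        total += surviving * stages[name]["cost"]
        surviving *= 1.0 - stages[name]["drop"]
    return total


def best_order(stages):
    """Cheapest ordering by exhaustive search (fine for a handful of stages)."""
    return min(permutations(stages), key=lambda o: expected_cost(o, stages))


def ratio_order(stages):
    """Closed-form rule: run stages in ascending cost / drop-rate."""
    return tuple(sorted(stages, key=lambda n: stages[n]["cost"] / stages[n]["drop"]))


def break_even_cost_ratio(stages, first="spam", second="virus"):
    """`first` stays the cheaper stage to run first while its cost is below
    this multiple of `second`'s cost."""
    return stages[first]["drop"] / stages[second]["drop"]


if __name__ == "__main__":
    for order in permutations(STAGES):
        print(" -> ".join(order), round(expected_cost(order, STAGES), 3))
    print("best:", best_order(STAGES), "ratio rule:", ratio_order(STAGES))
    print("spam-first wins while spam cost < %.0fx virus cost"
          % break_even_cost_ratio(STAGES))
```

With these rates, running the spam check first is cheaper until it costs more than about 15 times the virus scan per message; measured timings from your own server should replace the assumed costs.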
