scanning on both primary and second MX servers

Logan Shaw lshaw at emitinc.com
Wed May 3 23:36:42 IST 2006 

On Tue, 2 May 2006, Julian Field wrote:
> On 2 May 2006, at 00:20, Logan Shaw wrote:

>> So, I thought I had a solution:  install MailScanner on the
>> backup MX as well.  Then blacklisting will be in effect over
>> there, and everything's great, theoretically.  I installed all
>> that, and just now I realized the flaw in that plan.  I now
>> get two sets of headers because the messages are being scanned
>> twice by two different machines.  (I get "X-Spam-Status: Yes,
>> Yes" and stuff like that.)
>
> What I would advise is that you install SpamAssassin (used as part of 
> MailScanner, download by "easy-to-install" package of ClamAV+SA from the 
> MailScanner downloads page). You can then not only assign your own scores to 
> different RBLs if you want to, but more importantly SpamAssassin will check 
> all the hosts through which the message passed, not just the last hop (which 
> is all MailScanner can do).
>
> SpamAssassin is much better than MailScanner with this feature.

Aha, so just to recap now that I've taken a day or whatever to
digest that response, I think what you're saying is this:

1.  Even though MailScanner uses SpamAssassin, they each have
     their own independent RBL implementations and MailScanner
     uses its own and turns off SpamAssassin's.

2.  SpamAssassin's RBL support works better in that it scans
     all the Received: headers, rather than just looking at
     where the most recent message came from.  And also in that
     it gives me more control over scoring.

3.  I can set up MailScanner to use SpamAssassin's implementation
     instead, so that I can continue to use MailScanner but I can
     use the superior RBL implementation.

And it would appear (please tell me if I'm on the right track!)
that the implications of this are:

1.  I need to make sure I have properly configured SpamAssassin
     so that it correctly identifies which hosts are/aren't
     trusted, and I use the "trusted_networks" setting to do
     this by putting a list of all my own MX hosts (and those
     I trust, like maybe my ISP's).

2.  If I do this (and if I don't feel the need to delete the
     spam immediately on the secondary MX), then I don't
     necessarily have to have MailScanner or SpamAssassin or
     any other filtering software on the backup MX, because
     SpamAssassin can catch everything on the main mail server.

Do I basically have that correct?  If so, that makes my life
easier, because it is a bit more of a pain to maintain a second
MailScanner setup on the backup MX machine.  (Especially
considering that its bayes and autowhitelisting will be all
screwed up, so those require special attention...)

   - Logan

More information about the MailScanner mailing list