mailscanner + exim release from out queue

Rick Cooper rcooper at dwford.com
Tue Apr 30 13:56:14 IST 2013


Sorry for top posting but this html is horrible to quote
 
I NEVER bounce anything, ever. Once it is accepted it's my problem. Below
is a partial (fairly complete) list of checks I do before we even get to the
data phase or any scanning, and the first thing done during data is
domainkey/dkim checks.
 
Helo:
    1. Attempting to helo as part of one of my domains and is not
    2. Non fqdn or ip literals properly formatted in brackets ([192.168.2.2])
    3. Specific domains that should not be used such as local/internal/localdomain
    4. Invalid hostnames such as localhost
    5. Blank (e)helo
    6. My own server name
    7. Couple more special cases
 
Rcpt:
    1. Black listed hosts or domains
    2. Missing both A and MX records (not due to dns failure)
    3. SPF hard fail
    4. Not authenticated from a local user (unless from a valid, internal relay)
    5. From or to user that is never used from or to external host (root, ftp, wheel, etc) that is coming from external source
    6. Specific countries we never do business with but stats show very high percentage of spam (to our servers)
    7. Invalid domain parts
    8. Above a certain threshold of invalid recipients
    9. Too many recipients if not an authenticated user
    10. Several rbls
    11. Invalid local part (invalid user)
 
Doing the checks before data stops the most part before we have to waste
time spooling, and many of these rules result in being added (for various
periods of time) to the firewall so there is no second chance for
hours/days/weeks.
 
Rick

  _____  

From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jonas
Akrouh Larsen
Sent: Tuesday, April 30, 2013 3:50 AM
To: MailScanner discussion
Subject: SV: mailscanner + exim release from out queue



Hi Glenn

> That MailScanner doesn't operate at SMTP-time is exactly what sets it
> apart... It is the fundamental difference that make MailScanner perform so
> much better, and suffer from so much less risk of DoS:ing, than amavisd ...
>
> Sure, you cannot do "on the fly rejections", but ... AV/Anti-UCE scanning
> is too expensive at that stage anyway (IMO)... apart from the simple things
> you can do in the MTA, that is (recipient verification, rfc strictness,
> graylisting etc). But the benefits of not doing it in one go, as amavisd
> does, far outweigh that drawback.
>
> If one were to somehow wrangle MailScanner into action during SMTP... one
> could as well use amavisd instead;-).
>
> As for choice of MTA, one should always stick with the one one is most
> comfortable with ... You're far less likely to foobar things if you know
> what you're doing:-). If one starts from scratch, taking into account what
> happens to be the default on the system you use seems like a very sound
> strategy:-).

I’ve stuck with exim+MS for 5 years so I guess I must be liking it for the
most part :-)

However I do find it annoying not being able to scan at smtp time, it would
be much simpler for bounces and such, and rid my outgoing queue of mails I
can’t return to sender because it was forged etc.

Also it shouldn’t run in parallel, so it’s no more expensive than running it
post smtp, since you don’t spam scan a virus, you don’t virusscan something
listed on rbl etc.

But thanks for the comments :-)

Med venlig hilsen / Best regards

Jonas Akrouh Larsen

TechBiz ApS

Laplandsgade 4, 2. sal

2300 København S

Office: 7020 0979

Direct: 3336 9974

Mobile: 5120 1096

Fax:    7020 0978

Web:    http://www.techbiz.dk
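
The HELO checks 1 to 6 from Rick's list at the top of this post, sketched as an added example in Python; it is not Rick's Exim configuration, which the post does not show. The domain, hostname and network values and the function names are assumptions, and "is not" in item 1 is read here as "the connecting address is outside our own networks".

```python
import ipaddress
import re

# Assumed site settings (hypothetical, not from the original post).
LOCAL_DOMAINS = {"example.org"}
OWN_HOSTNAME = "mx1.example.org"
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
BAD_SUFFIXES = {"local", "internal", "localdomain"}     # item 3
BAD_HOSTNAMES = {"localhost", "localhost.localdomain"}  # item 4
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def is_ip(text):
    """True if text parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def check_helo(helo, peer_ip):
    """Return None to accept, or a short reason to reject at HELO time."""
    name = helo.strip().lower().rstrip(".")
    peer_is_local = any(ipaddress.ip_address(peer_ip) in n for n in LOCAL_NETS)
    if not name:
        return "blank helo"                                   # item 5
    if name.startswith("[") and name.endswith("]"):
        literal = name[1:-1]
        if literal.startswith("ipv6:"):
            literal = literal[5:]
        return None if is_ip(literal) else "malformed ip literal"  # item 2
    if is_ip(name):
        return "ip address without brackets"                  # item 2
    if name in BAD_HOSTNAMES:
        return "invalid hostname"                             # item 4
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL.match(part) for part in labels):
        return "not a fully qualified domain name"            # item 2
    if labels[-1] in BAD_SUFFIXES:
        return "internal-only domain"                         # item 3
    if not peer_is_local:
        if name == OWN_HOSTNAME:
            return "helo is this server's own name"           # item 6
        if any(name == d or name.endswith("." + d) for d in LOCAL_DOMAINS):
            return "claims a local domain from outside"       # item 1
    return None
```

In Exim the equivalent tests would live in an ACL that runs before the DATA phase, so a rejected client never gets as far as spooling a message.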
