Re: exim or postfix
On Thu, Nov 11, 2004 at 09:25:52PM +0000, John Goerzen wrote:
> I just switched from Postfix to Exim. I am now a big fan of Exim.
>
> http://changelog.complete.org/articles/2004/11/08/latest-experiment-exim/
> http://changelog.complete.org/articles/2004/11/11/exim-transition-successful/

glad to hear it worked for you.

a few comments, though:

1. "synchronization detection" - postfix has done this for years, except that
it's called "reject_unauth_pipelining". you enable it as one of the
smtpd_*_restrictions.

2. postfix does support filtering during the SMTP transaction. the difference
is that the postfix author tells you up front that it is inherently problematic
(for *ANY* MTA, not just postfix) because of the potential for SMTP timeouts if
the filter takes too long to run (SpamAssassin, for example, could take ages to
complete regardless of whether it's run from exim or postfix...especially if
it's doing DNSRBL and other remote lookups), and he recommends that you don't
do it.

other MTAs blithely ignore the potential problem and tell you to go ahead and
do it.

that said, though, exiscan-acl sounds cool.

on a light to moderately loaded server, it's probably not a huge problem.

i manage to avoid the problem by having good anti-spam/anti-virus rules (and a
huge junk map and set of body_checks & header_checks rules) that it rejects
about 99% of all spam during the SMTP session. very little makes it through
them to be scanned with amavisd-new/spamassassin/clamav. still, i sometimes
think it would be nice to run SA at the SMTP stage.

e.g. my spam-stats.pl report for last week (this is for a little home mail
server with about half a dozen users):

ganesh:/etc/postfix# spam-stats.pl /var/log/mail.log.0
      2 RBL bogusmx.rfc-ignorant.org
      4 Unwanted Virus Notification
      4 ETRN
      6 body checks (VIRUS)
     12 header checks (VIRUS)
     15 RBL taiwan.blackholes.us
     26 RBL Dynablock.njabl.org
     28 RBL hongkong.blackholes.us
     39 RBL brazil.blackholes.us
     76 Local access rule: Helo command rejected
    114 Relay access denied
    145 SpamAssassin score far too high
    148 body checks (Spam)
    163 Local address forgery
    200 strict 7-bit headers
    202 RBL dul.dnsbl.sorbs.net
    212 RBL sbl-xbl.spamhaus.org
    253 header checks (Spam)
    288 Need FQDN address
    297 Recipient Domain Not Found
    429 RBL list.dsbl.org
    517 Local access rule: Client host rejected
    687 Greylisted delivery attempt
    717 Dynamic IP Trespass
   1361 RBL cn-kr.blackholes.us
   1463 Sender Domain Not Found
   4779 User unknown
   6422 Recipient address rejected
   6970 Local access rule: Sender address rejected
  22256 Bad HELO
  47835 TOTAL

Spamassassin stats:
     77 spam
   2919 clean
   2996 TOTAL

Percentages:
spam:non-spam    (47912/50831) 94.26%
tagged messages  (77/2996)     2.57%
rejected spam    (47835/47912) 99.84%

only 2996 messages (out of 50831) were accepted by postfix and scanned
by SA. of those, only 77 were tagged as spam, plus another 145 that were
discarded by a header_checks rule which detects whether the SA score
is over 13.0 (discard, not reject) when amavisd-new tried to reinject
the message back into postfix after content-filtering.

that was a pretty average week, although (as ever) the number of attempts to
deliver spam goes up all the time. 2 months ago, it was averaging about 30-35K
rejects per week. now it's nearly 50K. the percentages don't change much,
spam is already well over 90% of what my MTA sees.

craig
--
craig sanders <cas@taz.net.au> (part time cyborg)
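
An added example, not part of the original message and not the spam-stats.pl script it mentions: a sketch of how a report like the one above can be produced, tallying Postfix smtpd reject lines by reason and deriving the three percentages. The log line format, the sample lines (constructed) and the names `tally` and `percentages` are assumptions; the definitions of "spam" and "seen" are inferred from the figures in the report.

```python
import re
from collections import Counter

# Constructed sample lines in the usual Postfix smtpd reject format
# (hosts, addresses and reject texts are made up for illustration).
SAMPLE_LOG = """\
Nov  8 03:12:01 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 Service unavailable; Client host [192.0.2.10] blocked using sbl-xbl.spamhaus.org; from=<a@example.org> to=<u@example.net> proto=SMTP helo=<x>
Nov  8 03:12:09 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 Service unavailable; Client host [192.0.2.11] blocked using list.dsbl.org; from=<b@example.org> to=<u@example.net> proto=SMTP helo=<y>
Nov  8 03:13:40 mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from unknown[192.0.2.12]: 550 <nobody@example.net>: Recipient address rejected: User unknown in local recipient table; from=<c@example.org> to=<nobody@example.net> proto=ESMTP helo=<z>
Nov  8 03:14:02 mx postfix/smtpd[813]: NOQUEUE: reject: RCPT from unknown[192.0.2.13]: 554 <d@example.com>: Relay access denied; from=<c@example.org> to=<d@example.com> proto=SMTP helo=<z>
Nov  8 03:15:00 mx postfix/smtpd[814]: connect from mail.example.org[192.0.2.20]
"""

# Captures the text after the SMTP reply code of a reject line.
REJECT = re.compile(r"postfix/smtpd\[\d+\]: \S+ reject: \w+ from \S+: \d{3} (.*)")
# First matching rule wins; order goes from most to least specific.
RULES = [
    (re.compile(r"blocked using (\S+?);"), lambda m: "RBL " + m.group(1)),
    (re.compile(r"User unknown"), lambda m: "User unknown"),
    (re.compile(r"Relay access denied"), lambda m: "Relay access denied"),
    (re.compile(r"Recipient address rejected"), lambda m: "Recipient address rejected"),
]

def tally(log_text):
    """Count reject lines per reason; non-reject lines are ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        hit = REJECT.search(line)
        if not hit:
            continue
        for pattern, label in RULES:
            m = pattern.search(hit.group(1))
            if m:
                counts[label(m)] += 1
                break
        else:
            counts["other"] += 1
    return counts

def percentages(rejected, tagged, scanned):
    """rejected: SMTP-time rejects; tagged: SA-tagged; scanned: accepted and scanned."""
    spam = rejected + tagged   # everything identified as spam
    seen = rejected + scanned  # every delivery attempt
    pct = lambda a, b: round(100.0 * a / b, 2)
    return {"spam:non-spam": pct(spam, seen),
            "tagged messages": pct(tagged, scanned),
            "rejected spam": pct(rejected, spam)}

if __name__ == "__main__":
    print(tally(SAMPLE_LOG))
    print(percentages(47835, 77, 2996))  # totals from the report above
```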