[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: exim4-daemon-heavy and exiscan virus/spam filtering



> On Thu, Oct 23, 2003 at 12:35:23PM +0200, Benedict Verheyen wrote:
>
>> So, if i understand this correctly, fetchmail will stream the mail to
>> exim
>> while it is fetching it or does it download it first anyway?
>
> I'm no mail guru, but I don't _think_ that's right.
> I believe what happens is that fetchmail downloads the whole mail (but
> doesn't yet delete the original from the remote mailbox), passes the
> whole thing to your local mailserver, and _only_ after receiving
> confirmation that your local mailserver knows what to do with it _then_
> it deletes the original from the remote mailbox.
>
> Mailfilter has the advantage that you can do some filtering without
> downloading the DATA of the message (just the headers). And naturally,
> as you pointed out, this is more limited than full-body filtering
> methods like spamassassin.
>
> But you can't apply content-based filtering without downloading the
> content.
>
> You could always use both, though.  Pre-connect with mailfilter to get
> rid of swen and the most obvious spam, grab the survivors with fetchmail
> and have the local mailserver (or each user's procmail setup) feed them
> through spamassassin to do the really thorough checking.
>
> And I'm pretty sure that it does not make any sense to set up your local
> MTA with "reject" rules if you're using fetchmail.  The spammer has
> already successfully delivered the spam to your remote mailbox, and
> fetchmail has already downloaded it for you. Rejecting fetchmail's
> connection to the MTA at that point is kinda useless.
>

Good point. I went ahead and tried the exiscan way instead of the usual
routers and transports. I didn't involve that much work, basically
installing the exim4-heavy-daemon and clamav-daemon, shutting down amavis,
specifying the ACL's and getting rid of the transports or routers and then
deactivate exim from listening to port 10025. ( needed by amavis )
The exiscan method does seem faster to me than the router/transport method
or maybe it uses less resources, i don't know.

If it would really be faster, then i would keep on using the exiscan
method if not, then i might revert back to to old router/transport method.
One thing that speeds up the current settup is that once an email is
regarded as a virus, it's immediately rejected. In my transport/router
setup, i alway scanned every email and then also checked it for spam so if
i would add a condition there, it would also improve the speed of that
setup.

Benedict



Reply to: