[Exim] SA-Exim vs. ExiScan - at an initial glance

Top Page
Delete this message
Reply to this message
Author: Tor Slettnes
Date:  
To: sa-exim, exim-users
Subject: [Exim] SA-Exim vs. ExiScan - at an initial glance
Having happily used SA-Exim[1] for a few months now, I just discovered
the 'ExiScan-ACL'[2] feature in Exim (distributed as a patch, and also
included in the 'exim4-daemon-heavy' Debian package - note that the
'exim4' metapackage by default selects 'exim4-daemon-light').

Having seen the best of both worlds, I now want it all! :-}

Specifically, from a superficial glance, these are the strengths of
ExiScan (as compared to SA-Exim):
 o Supports 3 types of filtering:
    - MIME/Attachment filtering (by filename extensions, mime errors..)
    - Malware scanning (via programs such as MKS AntiVirus,
      Sophie/Sophos, custom scripts...)
    - Spam filtering (via SpamAssassin)


  o Configured in the ACL section of the exim configuration file(s),
    rather than in its own config file (and so takes advantage of *all*
    the configuration syntax offered by Exim).  For instance, the ACL
    might be configured to 'accept' a message from local hosts before
    the ExiScan statements are even reached (whereas SA-Exim is launched
    on every message, and its configuration needs a separate conditional
    statement if one does not wish to scan messages from certain hosts, say).


  o Allows more flexibility in routing, accepting, rejecting messages
    based on SA's score (through the 'spam' driver which evaluates to
    true on spam, through internal Exim variables like $spam_score,
    $spam_report...).


  o Does not modify the original message unless told to (SA is processing
    a copy of the message).  This may be a disadvantage too; see below.


  o Talks to 'spamd' directly, rather than launching 'spamc' do do so
    (should reduce process creation overhead a little..)



Conversely, SA-Exim provides these functions not available in ExiScan:

  o Teergrubing! [3]   This alone is probably its biggest advantage,
    and perhaps enough to choose this over ExiScan...


  o Ability to save a copy of the message (whether rejected, temporarily
    rejected, teergrubed, etc..) into a Maildir tree.  (Sure, ExiScan
    provides 'fakereject', but that's a bit harder to get working...)


  o Preservation of SA's headers, such as 'X-Spam-Status'; useful to
    keep in EXIM's "rejectlog".  (ExiScan provides $spam_report, which
    can be added in a header, but there seems to be no way to get the
    "short" spam analysis (SA's _TESTS_ macro) logged using ExiScan).



In any case - both of these are really, really powerful Exim add-ons;
nobody should live without them. :^}

-tor


[1] See http://marc.merlins.org/linux/exim/sa.html
[2] See http://duncanthrax.net/exiscan-acl/
[3] See http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html