[Exim] Failover virus/spam checking

Author: Gary Rule
Date:  
To: exim-users
Subject: [Exim] Failover virus/spam checking
--
All,
I apologize if this has been covered already. I did a quick search
through my mail history (I have been on the exiscan and exim lists since
September) but did not see the topic discussed.

I am designing a new mail system that will use SpamAssassin and ClamAV
to scan mail during the SMTP transaction. This way I can reject the mail
before it is accepted.

The idea is to have two scanning boxes that are accessible to check for
spam and viruses.

As I understand it, the possible solutions I can use are exiscan and/or
sa-exim. I have a test machine patched with both currently and I am
using exiscan to reject malformed MIME, and scanning/rejecting with
ClamAV. I am using sa-exim for spam checking.

What I like about exiscan is the ability to use an external box to do
the scanning (spamd_address, av_scanner). From what I have gathered, the
sa-exim patch calls spamc to scan the message, and what I like most about
this patch is that I can get more of the headers from SA. If anyone
knows a way to get more than $spam_report and $spam_score headers from
exiscan, please let me know. I have SA configured to give me

X-Spam-Checker-Version:
X-Spam-Level:
X-Spam-Status:

I assume I could write a filter to check the score and add the status
boolean, but there is some additional information that SA passes that I
would like to have access to.

Having the ability to scan on a remote machine and have additional
headers would be great.

With my existing configuration, clamd can be running on a remote host and,
as far as I know, SA cannot, since I'm using sa-exim.

Ideally I would like to have the scanning, spam and virus, done on two
boxes, with the traffic load balanced during optimal operations and failing
over during sub-optimal operations (read: scanning box X kicks the
bucket). I understand that because I have multiple mail exchangers
evenly weighted I will get reasonable load balancing, but I also want to
protect the scanning boxes from being overloaded when one of the
exchangers dies.

Looking at the syntax for av_scanner I see:

av_scanner = <scanner-type>:<option1>:<option2>:[...]

Is it possible to have multiple av_scanner lines? If so, how does it act
when there are two or more?

Same questions with spamd_address.

Additionally, if all the scanning boxes die I would like to accept the
mail anyway and possibly add a header to the email so that users can sort
the mail and trust it a bit less. Maybe

X-SCANNED: FALSE

So to sum it up: Multiple spam/virus scanning boxes that are load
balanced. When one scanning box dies the other picks up the slack and
when both die the mail is passed along blindly and a header is added
letting the users know the scanner is down.


I may be asking for too much here, but this is my ideal setup. How close
to this can I get with the software currently? Am I missing something
here, big or little? I'm open to any/all suggestions.



--
Gary Rule                  2.6.0-mm1 GNU/Linux
Systems Administrator
Ph: 617.873.3274
Fx: 617.873.4500
--
  C-3PO:
      Don't call me a mindless philosopher, you overweight
      glob of grease!
--
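
The policy summed up in the message above (pick a scanning box at random, fail over to the other, and accept with `X-SCANNED: FALSE` when both are down), written out as an added example that is not part of the original post and is not Exim, exiscan or sa-exim code. It assumes the client talks to clamd directly over TCP with clamd's INSTREAM command; the scanner addresses and the function names are constructed for illustration.

```python
import random
import socket
import struct

# Constructed scanner addresses (TEST-NET-1); 3310 is clamd's usual TCP port.
SCANNERS = [("192.0.2.10", 3310), ("192.0.2.11", 3310)]

def clamd_instream(host, port, data, timeout=5.0):
    """Scan bytes on one clamd via INSTREAM. Returns the signature name,
    or None if clean; raises OSError if the scanner is down or unusable."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"zINSTREAM\0")
        for i in range(0, len(data), 8192):
            chunk = data[i:i + 8192]
            s.sendall(struct.pack("!I", len(chunk)) + chunk)
        s.sendall(struct.pack("!I", 0))  # zero-length chunk ends the stream
        reply = b""
        while not reply.endswith(b"\0"):
            part = s.recv(4096)
            if not part:
                break
            reply += part
    text = reply.rstrip(b"\0").decode("ascii", "replace")
    if text.endswith(" OK"):
        return None
    if text.endswith(" FOUND"):
        return text[len("stream: "):-len(" FOUND")]
    raise OSError(f"unusable clamd reply: {text!r}")

def scan_with_failover(message, scanners=SCANNERS, scan=clamd_instream):
    """Return (action, extra_headers, virus_name) for one message."""
    order = list(scanners)
    random.shuffle(order)  # random first choice spreads load across boxes
    for host, port in order:
        try:
            virus = scan(host, port, message)
        except OSError:
            continue  # this box is down: fail over to the next one
        if virus:
            return ("reject", [], virus)
        return ("accept", [], None)
    # Every scanner failed: accept unscanned, but say so in a header.
    return ("accept", ["X-SCANNED: FALSE"], None)
```

A timeout, a refused connection and an unparseable reply are all treated as "scanner down", so a box that answers with an error does not cause mail to be rejected.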