Re: [Exim] Split services exim / spamassasin / amavis

Top Page
Delete this message
Reply to this message
Author: Bruce Richardson
Date:  
To: Exim users list
Subject: Re: [Exim] Split services exim / spamassasin / amavis
--
On Wed, Mar 24, 2004 at 05:10:10PM +0000, Tim Jackson wrote:
> On Wed, 24 Mar 2004 16:34:54 +0000 Bruce wrote:
>
> > If load is an issue, you would not want the scanning box to be the
> > one
> > taking incoming mail directly from the internet. If you did set it
> > up
> > that way and the scanning box became heavily loaded, it would start
> > refusing incoming connections. Better to have the gateway box just
> > receiving incoming mail. Then it can queue mail if the scanning box
> > is
> > too busy to accept connections. It's a more resilient set-up, less
> > vulnerable to sudden surges in incoming mail.
>
> True, but bear in mind that if you do it this way round, you lose the
> ability to reject at SMTP time,


Depends how you do it. If I were going to have a separate virus
scanning host, I'd use clamav and run exiscan on the gateway host, so
this wouldn't be a problem for me. The OP outlined his set-up though,
and what he wanted, and my recommendations were based on that.

> and are thus in the unenviable position of
> likely having known spam/viruses in your hands, which you can't reject
> (because you've already accepted it) and can't (ethically) bounce
> (because
> you'll spam innocent people), leaving you to either deliver it to a
> "quarantine"-type mailbox (fine if that suits you) or discard it (less
> than idea since it makes your mail system unreliable).


I'm very familiar with the problems if spurious NDRs. My own gateway
hosts use exiscan/clamav and smtp callout verification (internal only).
It's very rare for us to accept a message and then bounce it.

--
Bruce

I object to intellect without discipline. I object to power without
constructive purpose. -- Spock
--
Content-Description: Digital signature

[ signature.asc of type application/pgp-signature deleted ]
--