Author: Jethro R Binks
Date:
To: exim-users
Subject: RE: [Exim] Exim as front door to Exchange

On Mon, 19 Apr 2004, Dickenson, Steven wrote:
> Matt B wrote:
> > I run the same setup (But haven't managed to get the manualroute
> > going as of yet)..
> > Internal exchange server is 192.168.1.11 domain name theoffice.net..
> > Email is routed to the externally accessible box on port 25 running
> > exim with mailscanner. It works perfect for the domains setup on the
> > box itself, but I can't fathom sending to the exchange after
> > mailscanner has a shot at the mail. Any ideas?
>
> As I understand it, MailScanner requires you to run Exim as two daemons,
> running different queues. ...
>
> Mailscanner adds another layer of complexity to your setup that I don't have
> any experience with. Any reason you choose Mailscanner over Exiscan? They
> provide the same basic features.

I'll chip in here, since I have used MailScanner successfully for some
years.

MailScanner does pretty much require two Exim configurations: one to
accept mail and put it in a queue (which the MailScanner daemons then
read), and another for the instance called by MailScanner to deliver a
message onwards. You can do it in one configuration file with fudgery,
but I prefer not to do so.

The main issue with MailScanner is that it processes messages after SMTP
time, so you can't have rejection based on its criteria at the time of
receiving a message. If a message is found to be worthy of non-delivery,
you must make some decision to: inform the sender, inform the recipient,
inform the administrator, dump and inform no-one. The first of these is
undesirable these days, as the chances are the sender is forged. The
second can get annoying when there is nothing the recipient can do about
it. The third is only useful at a small site. The fourth is probably
'best' in some sense, except for the fact that mails then disappear into a
black hole, and if it is a false positive, you can get political problems
(sender doesn't know it wasn't delivered, and recipient doesn't know it
was sent unless advised out-of-band).

For an MX host, I would probably not now implement MailScanner for some
things; I would probably use Exiscan/SA-Exim stuff, to get that RCPT-time
rejection. However MailScanner as a framework is still useful, and
internally to a site where you have better knowledge of the client base,
the mail client capabilities, and traceability, it is good for mail
checking (you can return extensive error messages on reasons for
rejection). The internal risk of sending a bounce message to a forged
sender is manageable.

Note that I've not used a MailScanner more recent than one year old, so
I'm not completely up-to-date on features these days.
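
A sketch of the two-configuration layout described above, with the manualroute hop to Exchange that the quoted question asks about. This is an added example, not part of the original message or of any configuration posted in the thread; the file names, spool paths and router name are assumptions, and only the settings that differ between the two files are shown.

```exim
# Constructed example. File names, spool paths and the router name are
# assumptions; 192.168.1.11 and theoffice.net come from the quoted question.
# Since Exim 4.73 a file given with -C must be listed in TRUSTED_CONFIG_LIST
# (a build-time setting) for Exim to keep root privilege.

# ---- /etc/exim/exim_incoming.conf : accept at SMTP time, never deliver ----
# Start with:  exim -bd -C /etc/exim/exim_incoming.conf
# MailScanner's "Incoming Queue Dir" points at this spool's input/ directory.
spool_directory = /var/spool/exim_incoming
# Queue every accepted message; no delivery process is started for it.
queue_only = true
# Accept mail for the Exchange domain only (checked in the RCPT ACL).
domainlist relay_to_domains = theoffice.net
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  accept  domains = +relay_to_domains
  deny    message = relay not permitted

# ---- /etc/exim/exim_outgoing.conf : deliver what MailScanner has passed ----
# Queue runner:  exim -q15m -C /etc/exim/exim_outgoing.conf
# MailScanner's "Outgoing Queue Dir" points at this spool's input/ directory.
spool_directory = /var/spool/exim_outgoing

begin routers

# Hand everything for the internal domain to the Exchange server.
to_exchange:
  driver = manualroute
  domains = theoffice.net
  transport = remote_smtp
  route_list = * 192.168.1.11

begin transports

remote_smtp:
  driver = smtp
```

Because the incoming instance only queues, any verdict MailScanner reaches arrives after the SMTP session has closed, which is the post-SMTP limitation the message describes.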