Re: [exim] handling reject/deny comms in a 2-exim setup

Author: snowcrash+exim-users
Date:  
To: Peter Bowyer
CC: exim-users
Subject: Re: [exim] handling reject/deny comms in a 2-exim setup
hi,

> > you mention, leaving me with the problem on content scan, is that correct?
>
> Correct


ok. clear.

> > i'm using CLAMAV & SPAMASSASSIN. both of which can listen on either
> > UNIX socket or over TCP.
>
> Look at the content scanning stuff in the docs, you can configure the
> spam and malware scanner functionality to call a TCP socket. But this
> might not do what you want - I don't know if in these particular
> cases, Exim will pass the content to be scanned across the socket -
> I've a sneaky suspicion it just passes a path/filename - relying on
> the process the other end of the socket to open the content file
> directly.


the response i'd gotten earlier on _this_ was,

> The reality would be:
> Data          Flow           Type
> Message       edge -> core   AV scan
> Result        core -> edge   Hit/Not hit
> Message       edge -> core   SA Scan
> Result        core -> edge   SA report
> Message       edge -> core   Message delivery
>
> Note that the "Result" data is far smaller, in most cases, than the
> message itself; and that the first pass will only take place for
> messages with MIME parts of an appropriate type anyway (the malware
> condition is quite choosy, as it should be).


where i understood the WHOLE message is passed three times, in the
case of a 'good' message.

guess i need to re-google & re-read :-/

> So you'd need to do this over NFS or similar. Getting nasty.


if you're correct in this, then yes, 'nasty'. and i'll look for
another route ...

> > the message will make
> > multiple network traversals from "edge" to "core", even for an OK
> > message.


> Yes - is internal network traffic that expensive, though?


and there's my mentioned guess/sense rather than experience. it
depends on what your definition of "that" is, i s'pose ...

> > per an earlier recommendation, i'd looked at ASSP as an SMTP proxy ---
> > but my understanding was that if deployed ON the "edge" router, the
> > 'work' would be done there as well ...
>
> I didn't mean an intelligent proxy like ASSP, which does indeed do the
> 'work', I meant a simple pass-through proxy - perhaps even just a
> reverse NAT. Then there's no work at all on the edge server.


ah. well that's what i do currently ... my exim box IS the lan-box,
and NAT redirects port 25 traffic to the internal LAN box, port 25.

> In fact, you don't then need the edge server at all.


hm. the whole point of this exercise is to use the edge server to
OFFLOAD load from the LAN/LAN-server, rejecting the "huge" majority of
spam @ SMTP-chat at the edge, and to prevent suspect email from ever
"setting foot" on the lan ...

i must muse on this, methinks.
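On the path-versus-content question raised in the thread, the thing to verify is the scanner's own wire protocol: clamd's TCP INSTREAM command carries the message bytes themselves in length-prefixed chunks, so a scanner on the core host needs no view of the edge's spool directory. The script below is an added example, not code from this thread or from Exim; it frames a message for INSTREAM and parses clamd's reply. The host/port are assumed placeholders for a core clamd, and the sample message and replies are constructed.

```python
import socket
import struct

# clamd INSTREAM framing (ClamAV clamd protocol): "zINSTREAM\0" is followed
# by chunks of a 4-byte big-endian length plus that many bytes, terminated by
# a zero-length chunk. clamd replies "stream: OK\0" or
# "stream: <signature> FOUND\0".

def instream_frames(data: bytes, chunk_size: int = 1024) -> bytes:
    """Encode message bytes into the wire form clamd expects for INSTREAM."""
    out = bytearray(b"zINSTREAM\0")
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out += struct.pack(">I", len(chunk)) + chunk
    out += struct.pack(">I", 0)          # zero-length chunk ends the stream
    return bytes(out)

def parse_reply(reply: bytes):
    """Return (infected, detail) from a clamd stream reply."""
    text = reply.rstrip(b"\0\n").decode("ascii", "replace")
    _, _, verdict = text.partition(": ")
    if verdict == "OK":
        return False, "clean"
    if verdict.endswith(" FOUND"):
        return True, verdict[:-len(" FOUND")]
    raise RuntimeError(f"unexpected clamd reply: {text!r}")

def scan_over_tcp(data: bytes, host: str, port: int = 3310):
    """Stream `data` to clamd over TCP. The content itself crosses the
    socket, so no shared filesystem (NFS or similar) is needed."""
    with socket.create_connection((host, port), timeout=30) as s:
        s.sendall(instream_frames(data))
        buf = b""
        while not buf.endswith(b"\0"):       # reply is NUL-terminated
            part = s.recv(4096)
            if not part:
                break
            buf += part
    return parse_reply(buf)

if __name__ == "__main__":
    # Constructed sample message; CORE_HOST is a placeholder for the core box.
    msg = b"From: a@example.com\r\nSubject: test\r\n\r\nhello\r\n"
    framed = instream_frames(msg, chunk_size=16)
    print(f"{len(msg)} message bytes become {len(framed)} bytes on the wire")
    print(parse_reply(b"stream: OK\0"))  # offline demo of reply parsing
    # scan_over_tcp(msg, "CORE_HOST")   # uncomment with a reachable clamd
```

Run it against a real clamd only from a host allowed through the core's firewall; clamd's listener has no authentication, so restrict it to the edge's address.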