hi,
> > you mention, leaving me with the problem on content scan, is that correct?
>
> Correct
ok. clear.
> > i'm using CLAMAV & SPAMASSASSIN. both of which can listen on either
> > UNIX socket or over TCP.
>
> Look at the content scanning stuff in the docs, you can configure the
> spam and malware scanner functionality to call a TCP socket. But this
> might not do what you want - I don't know if in these particular
> cases, Exim will pass the content to be scanned across the socket -
> I've a sneaky suspicion it just passes a path/filename - relying on
> the process the other end of the socket to open the content file
> directly.
the response i'd gotten earlier on _this_ was,
> The reality would be:
> Data      Flow          Type
> Message   edge -> core  AV scan
> Result    core -> edge  Hit/Not hit
> Message   edge -> core  SA scan
> Result    core -> edge  SA report
> Message   edge -> core  Message delivery
>
> Note that the "Result" data is far smaller, in most cases, than the
> message itself; and that the first pass will only take place for
> messages with MIME parts of an appropriate type anyway (the malware
> condition is quite choosy, as it should be).
where i understood the WHOLE message is passed three times, in the
case of a 'good' message.
guess i need to re-google & re-read :-/
> So you'd need to do this over NFS or similar. Getting nasty.
if you're correct in this, then yes, 'nasty'. and i'll look for
another route ...
> > the message will make
> > multiple network traversals from "edge" to "core", even for an OK
> > message.
> Yes - is internal network traffic that expensive, though?
and there's my mentioned guess/sense rather than experience. it
depends on what your definition of "that" is, i s'pose ...
> > per an earlier recommendation, i'd looked at ASSP as an SMTP proxy ---
> > but my understanding was that if deployed ON the "edge" router, the
> > 'work' would be done there as well ...
>
> I didn't mean an intelligent proxy like ASSP, which does indeed do the
> 'work', I meant a simple pass-through proxy - perhaps even just a
> reverse NAT. Then there's no work at all on the edge server.
ah. well that's what i do currently ... my exim box IS the lan-box,
and NAT redirects port 25 traffic to the internal LAN box, port 25.
> In fact, you don't then need the edge server at all.
hm. the whole point of this exercise is to use the edge server to
OFFLOAD load from the LAN/LAN-server, rejecting the "huge" majority of
spam @ SMTP-chat at the edge, and to prevent suspect email from ever
"setting foot" on the lan ...
i must muse on this, methinks.
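As an added illustration of the TCP-socket setup discussed in this thread (example configuration written for this page, not posted by any participant and not taken from the Exim or ClamAV projects): an edge-side Exim configuration that does the cheap SMTP-time rejections locally and points the malware and spam conditions at clamd and spamd on the core host over TCP. The addresses, the core hostname, the domain list file and the DNSBL are assumptions. On the path/filename question raised above: the Exim specification's virus-scanning section states that for a TCP clamd address Exim streams the message data to clamd, and only uses the path-based SCAN command for a UNIX socket, since it does not assume a shared filesystem with a remote host; spamd always receives the message over its socket. So no NFS is needed, at the cost of the message crossing the internal network for each scan, as the quoted data-flow table shows.

```exim
# Added example configuration for an "edge" Exim relay (not from the thread).
# Assumed: core host core.example.net at 192.0.2.10 runs clamd on 3310 and
# spamd on 783; accepted domains are listed in /etc/exim/local_domains.
domainlist local_domains = lsearch;/etc/exim/local_domains

# Content scanners reached over TCP. With a TCP address Exim streams the
# message to clamd (a UNIX socket path would make it send a filename).
av_scanner    = clamd:192.0.2.10 3310
spamd_address = 192.0.2.10 783

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

begin acl

acl_check_rcpt:
  # Edge-side rejections at SMTP time: none of these touch the core host.
  deny    message  = relay not permitted
          !domains = +local_domains

  deny    message  = sender host is listed in $dnslist_domain
          dnslists = zen.spamhaus.org      # assumed DNSBL choice

  require verify   = sender

  accept

acl_check_data:
  # First network traversal: message streamed to clamd, verdict comes back.
  deny    message = message contains malware ($malware_name)
          malware = *

  # Second traversal: message sent to spamd, score and report come back.
  # "nobody:true" makes the condition always succeed so the variables are set.
  warn    spam       = nobody:true
          add_header = X-Spam-Score: $spam_score ($spam_bar)
          add_header = X-Spam-Report: $spam_report

  # Reject outright above score 10.0 ($spam_score_int is score * 10).
  deny    message   = rejected as spam (score $spam_score)
          condition = ${if >{$spam_score_int}{100}}

  accept

# Third traversal: clean mail is handed to the core host for delivery.
begin routers

to_core:
  driver     = manualroute
  domains    = +local_domains
  transport  = remote_smtp
  route_list = * core.example.net

begin transports

remote_smtp:
  driver = smtp
```

The ordering matters for the offloading goal: relay and DNSBL rejections happen in the RCPT ACL before any message data is accepted, so the core only sees mail that survived the SMTP conversation, and the malware condition runs before the spam condition because its verdict is cheaper and a hit ends the exchange early.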