Re: [exim] Exim & Spamassassin at SMTP time

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Chris Wilson
Dátum:  
Címzett: exim.ml@riotm.co.uk
CC: exim-users
Tárgy: Re: [exim] Exim & Spamassassin at SMTP time
Hi Daniel,

On Tue, 9 Mar 2010, exim.ml@??? wrote:

> For a few years I have been using Postfix largely because I inherited
> the 'skills' from a support based role where it made up a large portion
> of an anti-spam appliance I worked with.
>
> Recently I've started to look for reasons to justifiably try Exim and
> look at what it can do 'better' or 'differently' to Postfix.


You may find this presentation (of mine) useful:

http://www.ws.afnog.org/afnog2009/sse/exim/afnog-2009-exim-presentation.pdf

In particular pages 5 and 6 say:

Why use Exim?

* Flexible (lots of features)
* Reasonably secure
* Reasonably scalable
* Good debugging options
* Sane configuration syntax

Why not to use Exim?

* Not every problem is a nail
* Simplicity? Use postfix or qmail
* Top security? Use qmail
* Faster delivery? Use postfix or sendmail
* Insane configuration file? Use sendmail
* Note: Exim is not designed for spooling large amounts of mail and not
very good at it

> I'm told that Exim has a steep learning curve and 'ordinary' admins
> struggle with it when compared to Postfix - does anyone here hold a view
> on that?


I think it is more difficult to use, because it's much more powerful than
any other MTA I can think of, and that makes it more complex to configure,
and hence more difficult to learn.

If postfix can do everything you want, then I suggest you stick with it
for simplicity. I assert that there is nothing that an MTA might usefully
do that Exim cannot do.

> My cursory searches suggest that Spamassassin can be implemented with
> Exim but I'm keen to know if it's possible to get Exim to reject
> messages that Spamassassin scores at 'x' during the SMTP session {rather
> than after accepting the message} Currently I can get Postfix to do this
> but have to plug a slightly buggy and exploitable milter into it to do
> this. I'd be very keen on an MTA that could do this easily - does Exim
> tick this box?


Yes: http://marc.merlins.org/linux/exim/sa.html

> I would like to make use of Bounce Address Tag Validation. I've seen it
> in my logs but it appears that Postfix has only an experimental
> milter/PD for this - does Exim have a solution for this and is it easy
> to implement? http://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation


Yes:

http://www.exim-users.org/forums/showthread.php?t=51895
http://www.exim-users.org/forums/showthread.php?t=56425

> Postfix allows some basic header and body checking (but does not really
> have an effective way to white list such rules) - does Exim have similar
> or better features in this area?


Exim can apply any expression to the header and the body, including
applying regular expressions and lookups in the filesystem, LDAP and SQL
databases in any combination. The ACL syntax is basically a programming
language; I think it is Turing-complete. That's one reason why it's so
powerful and quite hard to learn.

> As far as SASL goes with Exim, is it limited to Cyrus or can it use
> Dovecot?


Exim uses saslauthd and apparently works with Dovecot:

http://wiki.exim.org/AuthenticatedSmtpUsingDovecot

> Can Exim support 'virtual' domains with this kind of scenario:
> Accept mail for catchall@domain for virtual mailbox on the local machine
> Accept mail for catchall@domain and relay to a final destination server
> Accept mail for x.recipient@domain1 and deliver to local virtual mailbox
> Accept mail for y.recipient@domain1 and relay to remote final
> destination.


Exim can do anything you can possibly imagine with virtual domains. You
might find the tutorial I posted above useful for this.

> Can I get Exim to archive a copy of all mail that passes through it by
> piping it to another indexing program?


You could, with a transport filter, but a carbon copy mailbox might be a
better way to archive copies of all mail, depending on what you want to
do.

> How does Exim fair as far as DKIM signing / verification goes?


http://wiki.exim.org/DKIM

> Finally, I'm guessing and taking as read Exim supports rejecting on
> DNSBL's, missing/errors in PTR and invalid recipients (either by looking
> to LDAP, a PostgreSQL or MySQL database)


Yes, see for example the presentation I posted earlier, and these:

http://www.exim.org/howto/rbl.html
http://www.gossamer-threads.com/lists/exim/users/77228
http://www.tty1.net/virtual_domains_en.html

> I appreciate that this is a long post with lots of questions. I want to
> be 'patriotic' and try an English MTA but need to be sure I'm not going
> to get into several months of 'learning' to find that I've gone the
> wrong way!


Please note that I answered all your questions in 15 minutes using Google.

Cheers, Chris.
-- 
_ ___ __     _
  / __/ / ,__(_)_  | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer |
\ _/_/_/_//_/___/ | We are GNU-free your mind-and your software |