Author: W B Hacker Date: To: exim users Subject: Re: [exim] Best way to "copy" incoming message to additional
mailhost?
Mike Wilson (Yahoo!) wrote: > We're doing some spam filter testing and I'd like to copy messages
> coming into our users on the existing mail server to the spam host to
> test the filtering. We've got spamassassin setup and later we're going
> to test out some hardware option... we want to compare them and see
> which one does a better job.
>
> What would be the best way to send a unseen copy of all incoming mail on
> our primary mailhost to our spamhost?
>
One can insert an 'unseen' router and associated transport, then smtp or bsmtp a
copy of the 'flagged' traffic off-box to that host.
CAVEAT: This can skew the comparison, potentially 'bigtime'
When you attach to send via smtp, the filtering engine is going to see ALL such
traffic coming from the 'last mile' of YOUR Exim box.
That robs it of the rich toolset of vetting arrivals by the submitting server's
characteristics, including rDNS, RBL hits, HELO credentials/forgery, and several
potential smtp protocol (mis)behaviour faux pas of the *actual* source.
Doing a round-robin takeover of the IP listed in your (test? live?) MX RR so
that each box in turn 'sees' live traffic w/o prior intervention would be a
RPITA, but more accurate.
As most spam is target-agnostic and is likely to hit BOTH boxen in much the same
mix, one could also run Exim and the 'other' filter in parallel on separate
domains. And/or swap their responsibility once a day...
RPITA, yes. But relying contaminates some of the most important parts of the test.