[CentOS] Re: Kind of OT: internal imap server
lesmikesell at gmail.com
Fri Sep 1 17:35:14 UTC 2006
On Fri, 2006-09-01 at 22:48 +0800, Feizhou wrote:
> >> Hence why I have spamassassin used to filter after the mail is queued.
> >> Do you make mimedefang run spamassassin on all your mails before queueing?
> > Inbound only, and after the other faster checks (virus, etc.) that
> > might cause rejection are done. The advantage of scanning during
> > the SMTP conversation is that you can still reject with a
> > message that would find its way back to a legitimate sender
> > without having to construct the bounce yourself.
> I don't bounce the mail. I just tag the mail as a possible spam.
> Different ways of handling this :)
I mostly do that too, but I've tweaked some of the spamassassin rules
(vi*gra, etc.) to extremely high values, then MimeDefang rejects
on values that can only be reached that way with lower values
passed in a header tag for user processing.
> > Actually you can have multiple milter processes if you want, but
> > MimeDefang handles about everything. Also, sendmail has separate
> > conversations with the milter(s) for each operation which
> > MimeDefang might hand off to different slaves. The side effect
> > is that you don't block on some other long-running process unless
> > you are out of slaves but you also can't count on globals that
> > you set in one step (checking the sender or recipients) to be
> > available in later steps - but MimeDefang passes most of the
> > information you need each time and has dropped a complete
> > copy of the message broken out into its MIME components in
> > files where the programs can find them (hence the name and
> > the advantage of running multiple scanners under its control).
> So you are saying that mimedefang is not reliable if not provided enough
No, I didn't say anything even close to suggesting that - and I'm
curious as to why you imagined I did. What I said was that different
phases of the filtering are likely to be handled in different processes
so your programming should be done accordingly.
> What happens to the mail then? temporary reject or let through?
Sendmail will tempfail if it can't connect to it's configured
milter(s) or it gets a socket error and there are 4 timeouts that can
be set per-milter if you don't like the defaults. And of course
has its own configurable limit on the number of sendmail children.
MimeDefang will tell sendmail to tempfail if a slave runs out of
resources or crashes - like a virus scanner unpacking one of those
zip-of-death archives might if it is configured incorrectly. The
mimedefang-multiplexor process controls the slaves with a lot of options
that I've never had to change from the defaults.
lesmikesell at gmail.com
More information about the CentOS