Rick Moen <rick at linuxmafia.com> 28 lines of wisdom included:
> Quoting Philip Reynolds (philip.reynolds at rfc-networks.ie):
>> > 1) Providing this kind of functionality at SMTP level with Postfix
> > means leaving your server far more susceptible to DoS attack.
>> If it were not the case that the overwhelming majority of junkmail fails
> other checks _before_ SA processing (such as the callbacks and DNSBLs),
> you would have a good point.
>> I was worried about exactly that, when I first deployed sa-exim.
> However, my system load actually went way _down_ rather than up, which
> seemed like a pleasant surprise. As I said, the proof's in the pudding.
I'm sorry, this is one particular area where I've done quite a bit
of research. Content scanning at the SMTP level on large production
machines will (for want of a better phrase) bite you in the ass with
Postfix. Is your mailserver serving 100,000+ mails a day? No? Then
you probably won't have a problem, until a spammer gets hold of you
and you get joe-jobbed, relay bombed or dictionary attacked.
How Exim works, I'm unaware, I don't know it's internal
architecture. I'm aware how to configure it to work, and not much
more. What I do know is this, Postfix scales better under load,
that's from my own personal experience with Postfix and Exim and the
testimonies of numerous people. Then again, this is a design goal of
Postfix, I'm under the impression it's not the design goal of Exim.
> That has the unfortunate disadvantage that you cannot any longer reject
> rather than bounce, and cannot perform other real-time processing that
> inherently can only be performed (or only usefully performed) during the
> SMTP converation.
Postfix can reject mail based on practically any circumstance, now
the policy daemon has been introduced, but it has native support for
access maps, RBL's, header_checks and plenty of other sanity checks
that allows it to reject at SMTP level. Scanning of content (i.e.
spam filtering, virus scanning) should be done AFTER the e-mail is
accepted.
The main problem is when your bandwidth is quite large and you
deliver/accept a lot of mail. I'm simply warning people off doing
this on production level machiens, and taking what you're saying as
some sort of holy grail of spam stopping techniques. What you're
saying, doesn't fit in with Postfix architecture, and Wietse agrees
with me that scanning at the SMTP level is more dangerous (even if
it's nicer) than after.
Accept mail, scan it then bounce it. I won't bother repeating myself
anymore.
--
Philip Reynolds | RFC Networks Ltd.
philip.reynolds at rfc-networks.ie | +353 (0)1 8832063
http://people.rfc-networks.ie/~phil/ | www.rfc-networks.ie
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
