James Wilkinson wrote:
These days, Postfix supports the sendmail milter interface. It always has run under different user IDs for security. And it has long had its own ways of tying in antivirus and spam scanning.
Do you know if it can run MimeDefang? This is probably the most efficient and versatile one around because it wraps all the steps you might want to do under control of a small snippet of user-provided perl and it lets sendmail reconnect for each phase so the slow steps like spamasassin scanning don't tie up processes that can be doing many fast operations like validating recipients. There are some sendmail-specific things about it, like the way it knows if the connection is authenticated or using ssl. I'd be surprised if postfix duplicated that, but it might not be too hard to convert.
If you don't use an approach like MimeDefang's, you generally end up having to make a choice between starting a process for each message (slow and inefficient), or tying a large scanning process to each of the processes that handles the smtp conversation (limiting the number you can run), or batching things and losing the ability to reject in realtime during the smtp conversation based on the milter results.
-- Les Mikesell lesmikesell@xxxxxxxxx
