On Fri, 2005-03-25 at 03:09, Barads wrote:
> Having run mimedefang for a few months and now having run mailscanner
> for a few months I think that mailscanner is superior in the following ways;
>
> Mailscanner has ONE configuration file that controls its behaviour
> spamassasin's behaviour and any virus scanners behaviour. This file is
> very very well commented and makes it easy to configure. Mimedefang had
> me editing perl scripts and adding subroutines etc etc to get it to
> perform in a similar way, not configuration friendly and most of the
> time it seems like a quick hack of a system.
That's a tradeoff between ease of configuration and flexibility. For
the arms race between spammers and spam scanners I prefer the flexible
side as long as there are clear examples of working configurations
and a helpful mailing list.
> Mailscanner is being actively development and supported. I think
> mimedefang went for several months without an update.
Mimedefang is a subset of a supported commercial product called canit
and its development seems fairly complete. Updates fixing reported
bugs happen very quickly and new features can be added through
the snippet of perl used for local configuration.
> Mailscanner's messages, notifications and quarantine hadnling is more
> professional than mimedefang's.
Ummm, those are *completely* controlled by your local configuration in
mimedefang. If you don't like them, change it.
> And, given that my mailscanner configuration is running in conjunction
> with sendmail, I too have the access features of sendmail, greylists and
> RBLs !
With Mimedefang you can combine the RBL responses with the spam scanner
scoring before deciding if you want to accept or reject. If sendmail
does part by itself you have to consider these independently. Likewise
you can greylist only messages with spam content because you know before
issuing the smtp accept.
> As far as rejecting spam during the SMTP session is concerned.........
> it seems cool at first but I dont know if there is any *real* benefit it
> as you have to receive all of the message anyway before determining that
> it is spam, so why not just receive it and tag it then ? No need for a
> bounce.
If you accept everything it doesn't make any difference. These days
known viruses should be silently dropped since the sender is always
forged, so that doesn't make much difference either. However if you
reject spam at a certain scanner threshold you should be notifying
the sender with a polite rejection message in case your determination
was incorrect. Issuing a 5xx smtp response is fast and painless on
your end and if the sender is a spam-bot will be the last anyone sees
of it. However if the message is really legitimate and coming through
a normal relay, the text you issue along with the 5xx code will find
its way back to the sender so he can rephrase and try again, following
the gentleman's agreement among MTA's not to discard anything (that
has been grudgingly broken out of necessity for viruses). If you
try to construct your own bounce after accepting you end up queuing
up a lot of messages to unresponsive addresses.
--
Les Mikesell
les@xxxxxxxxxxxxxxxx
