On Monday October 23, 2006 at 11:49:47 (AM) Dennis Peterson wrote: > Gerard Seibert wrote: > > On Sunday October 22, 2006 at 09:49:38 (PM) Dennis Peterson wrote: > > > >> Gerard Seibert wrote: > >> > >>> I would rather not use the '--force-scan' option since I am not > >>> particularly interested in scanning outgoing mail. Perhaps someone has > >>> an idea how to correct this problem. > >> Because you don't scan outgoing mail I have to scan incoming mail from > >> you. My usual response when I read this kind of thing is to just go > >> ahead and blacklist you now rather than later. Please practice safe > >> messaging. > > > > That makes zero sense. Are you implying that if I were to scan an > > outbound message you would eliminate your inbound scan? You do know how > > stupid that sounds I assume. > > You clearly don't understand the problem. If everyone scanned their > outbound I'd have fewer inbound to scan. I'd still scan them but there > would be far less scanning required. Still sound stupid?
Yes, because you are dealing in a real world, not some sort of idealistic one that you would like to exist. To put it in language you might better understand, "It ain't gonna happen". Furthermore, you statement is illogical. If you would still pursue a course of scanning all of mail, in what manner does my or anyone else's use of AV scanning effect your scanning load? It doesn't effect it at all. Unless you were going to introduce header checks into your mail system. That would require even further overhead, plus you would be assuming that the sender was placing whatever headers you were check for in his/her/their mail accurately and not just spoofing the annotation. I personally would never trust such a scheme. > > Anyway, we send out several times a week flyers to our customers. These > > mailings range from 750 to 2000 messages per run. To scan 2000 identical > > messages is insane, not to mention a total waste of system resources. > > Other than going to the expense of setting up a separate mail server, > > etc. I am looking for a way to circumvent this annoyance. > Configure your mta to not scan mail from certain addresses at a > particular IP. It's a good idea to use a separate IP address for mass > mailings so that you don't land your enterprise mailer on a DNSBL. There > are people out there that will opt-in to a list but send your UBE to > SpamCop anyway. That would require two IPs which I do not presently own. I would have to pay my ISP for another one. It would probably also require another domain name to insure total separation of business divisions. The time and money spend for the very slim advantage it might create is simply no feasible at this point in time. I have dealt with SpamCop before. In fact, I even have a paid account there. They are aware of our operation and the double opt-in requirement. If any report did come to them, and none has in over two years, we are notified first before any action is taken. Now Sorbs is a different matter. I do not know how they operate; however, I have never had a problem with them either. All of our messages carry full email headers, etc. SORBS, from what I was told, lists organizations that either do not send full headers or attempt to mangle or forge them. You might remember that Google was having its GMail accounts blacklisted because of that garbage. > > We are presently investigating other mail clients to see if they meet > > our requirement. > > > > It might also be noted that presently, at least as far as I can tell, > > clamav-milter does not natively support Postfix. I have to use the > > 'sendmail.cf' for instance. It would be nice if the 'clamav' team > > developed an application that worked natively with Postfix. > PostFix recently adopted the Sendmail milter API. It is an incomplete > implementation and there are probably all manner of problems you will > find with it. It is a PostFix problem, not a ClamAV problem - PostFix > does not own the code you are using for Milter support. Last I looked > the API was not published and or was subject to change as required by > Sendmail, so using it in PostFix is probably always going to be risky. A > parallel to this is to write Excel spreadsheet translators - Microsoft > can and has changed the format of the files in the past and this results > in broken translators. That is what I am using, remember. I am fully aware that it does not work in a manner consistent with Sendmail. I use to run Sendmail with clamav-milter. It is why I believe that the clamav-milter author(s) should consider writing a milter that is fully compatible with Postfix. Postfix is a large player in the field now. It would seem that getting on board with compatible products would be a logical step. I think Wietse did a good thing in making Postfix compatible with at least some of the Sendmail milters that are roaming around out there. He admits he did not get it fully 100% compatible due to the structural differences between Postfix and Sendmail. I appreciate his effort. -- Gerard _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
