Hi, LOL, I just re-read what you said and I agree with you. Below is a dis-agreement that I figured I'd post anyways since it's written to those MX loving ideas. Some of the below applies to your idea as well.
- new message - Great in theory, but not so great in implementation. My currect mail server servers 231 domains, some will want it, some won't. Even if only 50% of the domains want it, that's 115 IP Address's I can't justify to ARIN. Yesh, last I heard even SSL http servers weren't justifiable. Makes it very hard to get more IP Address space from ARIN that way. I have to ask why you would want qmail-scanner to ignore some domains though? My current solution is to run qmail-scanner for ALL mail, but only for virus scanning. I leave per domain spamassassin et al scanning up to .qmail-default files (in my case) or .procmailrc files for those using sendmail etc. This method allows me, what I think, great flexability. If a domain suddenly wants spamassassin scanning etc, all I have to do is modify one file. If we were to look at your method, we'd have to add an IP address, modify DNS, wait for DNS mods to take effect (sometimes up to 2 month's for Sympatico's DNS to notice, wtf is up with that?), modify the tcp.smtp.cdb file, etc etc. Not worth it IMHO for larger sites. So far our current solution Works great, Less filling. Regards, Rick ----- Original Message ----- From: "chris" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, June 06, 2002 8:02 PM Subject: [Qmail-scanner-general]Per domain config. Hello list, I've talked about this issue before here on this list and feel the setup can be improved. Quoting from the Q-S FAQ: 1.. How do I make Qmail-Scanner only scan mail for some local domains?. 2 words: "MX records" :-) Put two IP addresses on your mail server, change the MX records for those domains you want scanned go to one IP address, and the rest to the other. Then you simply have an instance of qmail-smtpd running on each address - one with QMAILQUEUE defined and one without. This is *majorly* better than coding Qmail-Scanner to ignore certain addresses - this way Qmail-Scanner isn't called at all for the domains you don't want to protect. I set this up, and while it works, it's a pain. Esp. with a cluster of 4-5 mail servers... It seems to me the best place to do this per-domain scanning (not local users vs. external users) would be in TCPSERVER... just like what was recommended if you wanted to scan/not scan local's/outside mail. You wrote a tcp.smtp file that had your internal (don't want to scan) IP's (such as 10.x.x.x) and set QMAILQUEUE="" then another rule for all other IP's to scan ":allow,QMAILQUEUE="/var/qmail/bin/qmailscanner-queue.pl" etc... Like I said, this works great for the difference between internal mail vs. external... It does nothing for setting scan/no scan on a per-domain basis... the on going consensus has been to use MX records to point to different host IP's on the mail server, then run multiple instances of qmail-smtpd (tcpserver on a per host basis) with a QMAILQUEUE set or un-set... _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
