[AMaViS-user] [Fwd: Re: Amavis in pre-queue mode]
Original-Nachricht Betreff: Re: [AMaViS-user] Amavis in pre-queue mode Datum: Wed, 17 Dec 2008 09:01:50 +0100 Von: Ralf Heidenreich r...@lx-work.de An: mouss mo...@netoyen.net Referenzen: 4947b648.8040...@lx-work.de 4947e3d8.7030...@netoyen.net Hello mouss, my idea was to let amavis decide what to do with the mails. But it is not easy, i think it is impossible. Now I have the same idea as you. I let postfix run on 2 IPs. One IP for reject, and one IP for taganddeliver. Thank you for your informations. If you have any ideas to run postfix and amavis with one IP, let me know, please. greetings Ralf mouss schrieb: Ralf Heidenreich a écrit : Hello, i have a problem. I have a mailserver (postfix), and amavis is working. I am receiving mail for several domains. Some customers want the spam delivering mode taganddeliver or reject. I have this realized with policy banks. Amavis in post-queue mode works fine. Due to a law, I must use amavis in pre-queue mode. Thats the problem. In the past it was the following: Postfix receives the mail, and depend on a lookup table, the mail is given to amavis on several ports. One port is for taganddeliver, an one port is for reject. If a mail comes to amavis throug the defined port, amavis loads the policy. Will I use amavis in pre-queue mode, all mails must going to amavis. Amavis must load the right policy for taganddeliver or reject. My current config is @local_domains_maps = ( [.$mydomain,localhost], read_hash(/etc/postfix/virtual_domains) ); I need 3 hashes. One for the domains there is reject used One for the domains there is taganddeliver used One for the domains there is nofilter used. Howe can I realize that? If you have multiple IPs, the simplest solution would be to use different MXes. Otherwise, one problem is what to do if a single mail is destined to multiple recipients with different actions: you can't reject and deliver at the same time! A somewhat related discussion: http://marc.info/?l=amavis-userm=104639986104274w=2 -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] [Fwd: Re: Amavis in pre-queue mode]
Original-Nachricht Betreff: Re: [AMaViS-user] Amavis in pre-queue mode Datum: Wed, 17 Dec 2008 09:26:09 +0100 Von: Ralf Heidenreich r...@lx-work.de An: Luis Daniel Lucio Quiroz luis.daniel.lu...@gmail.com Referenzen: 4947b648.8040...@lx-work.de 200812161258.54671.luis.daniel.lu...@gmail.com Hello, the law says: if a mail is in the queue, you must deliver it. Never mind if it is spam or not. To avoid this, amavis must reject the mail in the smtp-dialogue. While the connection is open, i can reject it. If the mail is queued, the connection is closed. And the mail must be delivered. So I must switch amavis to pre-queue mode. What do you mean with: postfix1(smtp)-amavis-postfix2(smpt) (10026/tcp for example)- ??? + www.postfix.org says After-queue-filter: Network or local users - Postfixqueue - Contentfilter - Postfixqueue - Network or local mailbox ++ www.postfix.org says Before-Queue Content Filter Internet - Postfix SMTP server - Before queue filter - Postfix SMTP server - Postfix cleanup server - Postfix queue -smtp,local,virtual greetings Ralf Luis Daniel Lucio Quiroz schrieb: Exactly What does law say, When you use postfix in postquee trafic is this: -postfix1(smtp)-amavis-postfix2(smpt) (10026/tcp for example)- Postfix1 can be used to stop and do any prefiltering, therefore, amavis wont have heavy load after postfix1 has discard some basic rules. There is not difference using postfix because it is a daemon, ifyou want to use amavis in prequeue you should use a milter. The problem is that here, amavis will have all load and then postfix will only relay mail. On Tuesday 16 December 2008 08:08:08 Ralf Heidenreich wrote: Hello, i have a problem. I have a mailserver (postfix), and amavis is working. I am receiving mail for several domains. Some customers want the spam delivering mode taganddeliver or reject. I have this realized with policy banks. Amavis in post-queue mode works fine. Due to a law, I must use amavis in pre-queue mode. Thats the problem. In the past it was the following: Postfix receives the mail, and depend on a lookup table, the mail is given to amavis on several ports. One port is for taganddeliver, an one port is for reject. If a mail comes to amavis throug the defined port, amavis loads the policy. Will I use amavis in pre-queue mode, all mails must going to amavis. Amavis must load the right policy for taganddeliver or reject. My current config is @local_domains_maps = ( [.$mydomain,localhost], read_hash(/etc/postfix/virtual_domains) ); I need 3 hashes. One for the domains there is reject used One for the domains there is taganddeliver used One for the domains there is nofilter used. Howe can I realize that? Thanks and greetings Ralf --- --- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com / ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Amavis in pre-queue mode
Ralf Heidenreich a écrit : Hello mouss, Hi Ralf, my idea was to let amavis decide what to do with the mails. But it is not easy, i think it is impossible. Now I have the same idea as you. I let postfix run on 2 IPs. One IP for reject, and one IP for taganddeliver. Thank you for your informations. If you have any ideas to run postfix and amavis with one IP, let me know, please. The first problem to fix is make sure to never handle mail for recipients in different classes (reject vs taganddeliver). This can be done with a policy service (if the first recipient is in reject, then tempfail any recipient that is in taganddeliver, ... etc). once this is done, you can do it like this: - configure amavisd-new to add a +spam extension if the message is spammy. - configure the after the queue smtpd to reject mail to recipients with +spam extension if they are in a reject at smtp time domain. cheers, -- mouss -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] [Fwd: Re: Amavis in pre-queue mode]
Ralf Heidenreich a écrit : Original-Nachricht Betreff: Re: [AMaViS-user] Amavis in pre-queue mode Datum: Wed, 17 Dec 2008 09:26:09 +0100 Von: Ralf Heidenreich r...@lx-work.de An: Luis Daniel Lucio Quiroz luis.daniel.lu...@gmail.com Referenzen: 4947b648.8040...@lx-work.de 200812161258.54671.luis.daniel.lu...@gmail.com Hello, the law says: if a mail is in the queue, you must deliver it. The problem with laws is that they are written in a language that we (non lawyers) can't read ;-p does this simply means you can't discard mail? or even a quarantine is prohibited? and what about the following scheme: - unwanted mail is delivered to a special mailbox (which user can access if she wants:) - this mailbox has a small quota, and get purged automatically I tend to believe that the law means to protect the recipient against what would be abusive filtering. but as your post shows, smtp is not lmtp. once you have read the message, you can't reject some recipients and accept others. Never mind if it is spam or not. To avoid this, amavis must reject the mail in the smtp-dialogue. While the connection is open, i can reject it. see my other post. you can reject with postfix (port 10026 in your example) based on the +spam extension added by amavisd-new. but this requires solving the problem of multi-recipient mail. the policy service approach should do. AFAIK, Postini do something similar (tempfail if a recipient in another domain is used). If the mail is queued, the connection is closed. And the mail must be delivered. So I must switch amavis to pre-queue mode. What do you mean with: postfix1(smtp)-amavis-postfix2(smpt) (10026/tcp for example)- ??? + www.postfix.org says After-queue-filter: Network or local users - Postfixqueue - Contentfilter - Postfixqueue - Network or local mailbox ++ www.postfix.org says Before-Queue Content Filter Internet - Postfix SMTP server - Before queue filter - Postfix SMTP server - Postfix cleanup server - Postfix queue -smtp,local,virtual -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Amavis in pre-queue mode
Hello mouss, now i have postfix configured to listen on 2 ipaddresses. 1 IP has configured to give all mail on amavis port 10024. this triggers the policybank for taganddeliver. The other ip is configured to give all mail to amavis port 10025. this triggers the policybank for reject. The decision on what interface postfix receives mail, is configured in DNS. There are 2 hosts. mail and mail2. If a customer want to reject spammails, the mx for his domain delivers mails to the host mail2. I hope thats corrects my problem. Do you agree with me? greetings Ralf mouss schrieb: Ralf Heidenreich a écrit : Hello, i think i preferr the option with two ipaddresses. and I agree with you! cheers, -- mouss -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] [Fwd: Re: Amavis in pre-queue mode]
On Wed, Dec 17, 2008 at 09:39:20AM +0100, Ralf Heidenreich wrote: Original-Nachricht Betreff: Re: [AMaViS-user] Amavis in pre-queue mode Datum: Wed, 17 Dec 2008 09:26:09 +0100 Von: Ralf Heidenreich r...@lx-work.de An: Luis Daniel Lucio Quiroz luis.daniel.lu...@gmail.com Referenzen: 4947b648.8040...@lx-work.de 200812161258.54671.luis.daniel.lu...@gmail.com Hello, the law says: if a mail is in the queue, you must deliver it. Never mind if it is spam or not. I'm no expert on German law, but I do know that there are other German system administrators who are not running amavisd in pre-queue mode, so I wonder if perhaps someone has given you an overzealous interpretation of the law. amavisd can run in pre-queue mode but it is not a recommended configuration for performance reasons. -- Clifton -- Clifton Royston -- clift...@iandicomputing.com / clift...@lava.net President - I and I Computing * http://www.iandicomputing.com/ Custom programming, network design, systems and network consulting services -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] [Fwd: Re: Amavis in pre-queue mode]
Original-Nachricht Datum: Wed, 17 Dec 2008 06:56:14 -1000 Von: Clifton Royston clift...@lava.net An: Ralf Heidenreich r...@lx-work.de CC: AMaViS-user@lists.sourceforge.net Betreff: Re: [AMaViS-user] [Fwd: Re: Amavis in pre-queue mode] On Wed, Dec 17, 2008 at 09:39:20AM +0100, Ralf Heidenreich wrote: Original-Nachricht Betreff: Re: [AMaViS-user] Amavis in pre-queue mode Datum: Wed, 17 Dec 2008 09:26:09 +0100 Von: Ralf Heidenreich r...@lx-work.de An: Luis Daniel Lucio Quiroz luis.daniel.lu...@gmail.com Referenzen: 4947b648.8040...@lx-work.de 200812161258.54671.luis.daniel.lu...@gmail.com Hello, the law says: if a mail is in the queue, you must deliver it. Never mind if it is spam or not. I'm no expert on German law, but I do know that there are other German system administrators who are not running amavisd in pre-queue mode, so I wonder if perhaps someone has given you an overzealous interpretation of the law. I think that the original sender knows about the law. I am not a German but I think that the German law says that you ARE ALLOWED to drop any message as long as you don't have accepted the message. So having amavisd running in pre-queue allows you to DROP the message and just send a normal SMTP error code. That is allowed by law. But you are NOT ALLOWED to accept the mail and then later doing some processing where you ERASE/DROP/WHATEVER the mail. This is not allowed by law. So you accept the mail - you have to deliver the mail. That's probably the reason he wants to run amavisd in pre-queue because this would allow him to fight spam/malware and block spam/malware and drop spam/malware without having to accept the mail. amavisd can run in pre-queue mode but it is not a recommended configuration for performance reasons. -- Clifton // Steve -- Clifton Royston -- clift...@iandicomputing.com / clift...@lava.net President - I and I Computing * http://www.iandicomputing.com/ Custom programming, network design, systems and network consulting services -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ -- Sensationsangebot verlängert: GMX FreeDSL - Telefonanschluss + DSL für nur 16,37 Euro/mtl.!* http://dsl.gmx.de/?ac=OM.AD.PD003K1308T4569a -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Amavis in pre-queue mode
Ralf Heidenreich a écrit : Hello, i think i preferr the option with two ipaddresses. and I agree with you! cheers, -- mouss -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] [Fwd: Re: Amavis in pre-queue mode]
Hello, i think i preferr the option with two ipaddresses. Thanks for your help. greetings Ralf mouss schrieb: Ralf Heidenreich a écrit : Original-Nachricht Betreff: Re: [AMaViS-user] Amavis in pre-queue mode Datum: Wed, 17 Dec 2008 09:26:09 +0100 Von: Ralf Heidenreich r...@lx-work.de An: Luis Daniel Lucio Quiroz luis.daniel.lu...@gmail.com Referenzen: 4947b648.8040...@lx-work.de 200812161258.54671.luis.daniel.lu...@gmail.com Hello, the law says: if a mail is in the queue, you must deliver it. The problem with laws is that they are written in a language that we (non lawyers) can't read ;-p does this simply means you can't discard mail? or even a quarantine is prohibited? and what about the following scheme: - unwanted mail is delivered to a special mailbox (which user can access if she wants:) - this mailbox has a small quota, and get purged automatically I tend to believe that the law means to protect the recipient against what would be abusive filtering. but as your post shows, smtp is not lmtp. once you have read the message, you can't reject some recipients and accept others. Never mind if it is spam or not. To avoid this, amavis must reject the mail in the smtp-dialogue. While the connection is open, i can reject it. see my other post. you can reject with postfix (port 10026 in your example) based on the +spam extension added by amavisd-new. but this requires solving the problem of multi-recipient mail. the policy service approach should do. AFAIK, Postini do something similar (tempfail if a recipient in another domain is used). If the mail is queued, the connection is closed. And the mail must be delivered. So I must switch amavis to pre-queue mode. What do you mean with: postfix1(smtp)-amavis-postfix2(smpt) (10026/tcp for example)- ??? + www.postfix.org says After-queue-filter: Network or local users - Postfixqueue - Contentfilter - Postfixqueue - Network or local mailbox ++ www.postfix.org says Before-Queue Content Filter Internet - Postfix SMTP server - Before queue filter - Postfix SMTP server - Postfix cleanup server - Postfix queue -smtp,local,virtual -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] [Fwd: Re: Amavis in pre-queue mode]
* Steve stev...@gmx.net: I'm no expert on German law, but I do know that there are other German system administrators who are not running amavisd in pre-queue mode, so I wonder if perhaps someone has given you an overzealous interpretation of the law. I think that the original sender knows about the law. I am not a German but I think that the German law says that you ARE ALLOWED to drop any message as long as you don't have accepted the message. So having amavisd running in For the books: Currently lawyers in Germany disagree on WHEN a message has been accepted - when you accept the connection or at the end of DATA when the server says OK. pre-queue allows you to DROP the message and just send a normal SMTP error code. That is allowed by law. This is what most of the German laywers seem to agree on, yes. But you are NOT ALLOWED to accept the mail and then later doing some processing where you ERASE/DROP/WHATEVER the mail. This is not allowed by law. So you accept the mail - you have to deliver the mail. Unless the message proves to be harmful... That's probably the reason he wants to run amavisd in pre-queue because this would allow him to fight spam/malware and block spam/malware and drop spam/malware without having to accept the mail. Usually one would want to drop unwanted messages as early as possible so they don't waste ressources by later inspections. amavisd can run in pre-queue mode but it is not a recommended configuration for performance reasons. it is not a recommended configuration unless you know your average load and how your mail system can handle it. p...@rick -- All technical answers asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): http://postfix.state-of-mind.de/patrick.koetter/saslfinger/ -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] [Fwd: Re: Amavis in pre-queue mode]
Original-Nachricht Datum: Wed, 17 Dec 2008 23:12:31 +0100 Von: Patrick Ben Koetter p...@state-of-mind.de An: amavis-user@lists.sourceforge.net Betreff: Re: [AMaViS-user] [Fwd: Re: Amavis in pre-queue mode] * Steve stev...@gmx.net: I'm no expert on German law, but I do know that there are other German system administrators who are not running amavisd in pre-queue mode, so I wonder if perhaps someone has given you an overzealous interpretation of the law. I think that the original sender knows about the law. I am not a German but I think that the German law says that you ARE ALLOWED to drop any message as long as you don't have accepted the message. So having amavisd running in For the books: Currently lawyers in Germany disagree on WHEN a message has been accepted - when you accept the connection or at the end of DATA when the server says OK. Hey! I am Swiss and looking what is happening over in Germany in some area just makes me shake my head. But who am I? I don't get it and probably will never get some of those strange laws. pre-queue allows you to DROP the message and just send a normal SMTP error code. That is allowed by law. This is what most of the German laywers seem to agree on, yes. But you are NOT ALLOWED to accept the mail and then later doing some processing where you ERASE/DROP/WHATEVER the mail. This is not allowed by law. So you accept the mail - you have to deliver the mail. Unless the message proves to be harmful... Do the German layers and the German law agree on the definition of harmful? I would be surprised if so. That's probably the reason he wants to run amavisd in pre-queue because this would allow him to fight spam/malware and block spam/malware and drop spam/malware without having to accept the mail. Usually one would want to drop unwanted messages as early as possible so they don't waste ressources by later inspections. Yes. But if this means that running in such a way that this early dropping of unwanted messages results in more resources used compared to running in the early mode, then I really don't see the point in this early dropping. I don't agree with you that dropping early is equal in less resources used then dropping later. amavisd can run in pre-queue mode but it is not a recommended configuration for performance reasons. it is not a recommended configuration unless you know your average load and how your mail system can handle it. p...@rick Steve -- All technical answers asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): http://postfix.state-of-mind.de/patrick.koetter/saslfinger/ -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ -- Pt! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] [Fwd: Re: Amavis in pre-queue mode]
Steve a écrit : Hey! I am Swiss and looking what is happening over in Germany in some area just makes me shake my head. But who am I? I don't get it and probably will never get some of those strange laws. we don't yet have such laws in .fr and I don't read german, but as (I may) have said earlier, I think the goal is to protect against these services (anybody said hotmail?) that silently discard legitimate mail. if you configure your service according to the recipient choice (including things like discard if sender user part contains a 'z'), then I don't see how the law can interfere here. Do the German layers and the German law agree on the definition of harmful? I would be surprised if so. if something is known to be harmful, nobody will disagree. so discarding melissa or I love you infected mail should be ok. i.e. just because we can't classify every message into harmful/harmless classes doesn't mean we can't classify some of them. Yes. But if this means that running in such a way that this early dropping of unwanted messages results in more resources used compared to running in the early mode, then I really don't see the point in this early dropping. I don't agree with you that dropping early is equal in less resources used then dropping later. if you reject a lot of mail during the smtp transaction, then you save on disk IO. this is always true if your reject based on the envelope (before DATA). if you check the content, things get more complicated and the gains depend on how much junk you reject and how much resources you have. In particular, pre-queue makes you more vulnerable to DoS (your checks are driven by the foreign client). it also may cause a client timeout, which is bad. but in most cases, performances are not the most critical issue. it is much more important to deal with FPs (minimise as yu can, and when you can't, provide feedback, ... etc) and with the junk that you didn't reject (quarantine? tag and deliver? ... etc). we think that tag and deliver or quarantine are the way to go, but when you look at how users check their mail, quarantine, folders, ... you get to review this (at least, this is my experience. and this is why I moved more toward origin filtering as much as possible). -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
