Re: MailScanner versus Amavisd-new with postfix
On Friday, October 27, 2006, 2:05:44 PM, DAve DAve wrote: > Dan Horne wrote: >> Wietse Venema says that MailScanner uses unsupported methods to >> manipulate the queue that could (and has) lead to lost email. I don't >> know the full details, but it has been discussed much on the postfix >> list. My impression is that the condition is rare, but it does happen. >> >> Just a heads up. >> > I don't use Postfix any longer so I can't comment on how well > MailScanner works with Postfix. I can say it works wonderfully with > Sendmail. Nothing wrong with Postfix, but new jobs use new tools and I > learn the new tools. That said, this is the semi 'official' MailScanner > stance on Postfix AIUT. > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:politics&s=postfix > Note that apparently a LOT of MailScanner admins are running Postfix > with no problems. Julian is responsive to an extreme in dealing with his > users. If there was a problem, he would be all over it. > DAve Thanks DAve and all. For the record, the conclusion of that page says: __ The Solution Recently however some changes have been made to allow for a different approach. This new approach does not require MailScanner to access the active queue. Nor does it require Postfix to be split into two instances. It is still however acessing the Postfix queue but not the active queue, that is the key. Now Instead Postfix puts all incoming email into a hold queue for scanning. By putting a simple line into the Postfix /etc/Postfix/header_checks file all email is put into the hold queue which is a safe quiet place that Postfix is no longer actively accessing or changing. Its basically frozen in the process as far as Postfix is concerned. As stated in the man pages for the qmgr: hold = Messages that are kept on hold are kept here until someone sets them free (also see man header_checks). Now MailScanner can safely access these emails in the Postfix hold queue for scanning and then pass it back into Postfix active queue for delivery. To me and a lot of other people this makes perfect sense. This is much simpler approach and takes far less resources and time than to have MailScanner running its own SMTP engine just so it can talk to Postfix. But the Postfix community and possibly even the developers are still insisting that MailScanner is not a viable AV scanner for Postfix systems. Respectively, if this is still the case then the Postfix developers need to say something so other solutions can be worked out. The idea behind putting the incoming emails into the hold queue for scanning has eliminated all of the risks that were associated with using MailScanner and Postfix together in the past. The Postfix website is still insisting that MailScanner is a risk . With the new single instance Postfix setup configuration, I have not seen any proof that would lead me to believe that any problems may arise. After many months of using MailScanner with Postfix in the single instance setup design I have not experienced any problems. __ Seems like a reasonable solution from that description alone, but I know little about postfix internals and even less about MailScanner internals. OTOH the proposed solution would seem to be successful based on reported experience. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: MailScanner versus Amavisd-new with postfix
Jeff, > Not to start any flamewars, but does anyone have strong opinions > on MailScanner versus Amavisd-new for use with postfix (and of > course SpamAssassin and ClamAV)? Of course I'm biased, but I'd be worried running program with about 400 cases of calling system routines (I/O, file system, etc.) without checking resulting status or failing to report errors. MailScanner works while everything is in order. When unexpected happens (e.g. disk full, I/O or file system errors, depleted system resources), then unpredictable things are bound to result, and possibly go by unnoticed for some time or prove difficult to diagnose. Mark
Re: MailScanner versus Amavisd-new with postfix
Dan Horne wrote: -Original Message- From: Jeff Chan [mailto:[EMAIL PROTECTED] Sent: Friday, October 27, 2006 9:54 AM To: SpamAssassin Users Subject: MailScanner versus Amavisd-new with postfix Not to start any flamewars, but does anyone have strong opinions on MailScanner versus Amavisd-new for use with postfix (and of course SpamAssassin and ClamAV)? In the old days it seemed Amavisd-new may have integrated better with postfix, but is that no longer the case? Some folks say MailScanner is faster and leaner. What gives? Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/ Wietse Venema says that MailScanner uses unsupported methods to manipulate the queue that could (and has) lead to lost email. I don't know the full details, but it has been discussed much on the postfix list. My impression is that the condition is rare, but it does happen. Just a heads up. I don't use Postfix any longer so I can't comment on how well MailScanner works with Postfix. I can say it works wonderfully with Sendmail. Nothing wrong with Postfix, but new jobs use new tools and I learn the new tools. That said, this is the semi 'official' MailScanner stance on Postfix AIUT. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:politics&s=postfix Note that apparently a LOT of MailScanner admins are running Postfix with no problems. Julian is responsive to an extreme in dealing with his users. If there was a problem, he would be all over it. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible.
RE: MailScanner versus Amavisd-new with postfix
note: I don't use mailscanner, so am only relaying what I saw on the postfix list. My understanding (based on foggy memory - search the list archives for a better answer) is that MailScanner dipped into postfix queues using either undocumented postfix APIs or by bypassing postfix entirely and directly manipulating files on disk. This led to instances of documented mail loss. Wietse therefore said that it wasn't safe to use. I've also recently read (I believe also on the postfix list, but am not sure) that MailScanner has remedied this behavior, and that it is now safe to use with postfix, but you'll need to confirm for yourself if that is true. Kurt | -Original Message- | From: Jeff Chan [mailto:[EMAIL PROTECTED] | Sent: Friday, October 27, 2006 06:54 | To: SpamAssassin Users | Subject: MailScanner versus Amavisd-new with postfix | | | Not to start any flamewars, but does anyone have strong opinions | on MailScanner versus Amavisd-new for use with postfix (and of | course SpamAssassin and ClamAV)? | | In the old days it seemed Amavisd-new may have integrated better | with postfix, but is that no longer the case? Some folks say | MailScanner is faster and leaner. | | What gives? | | Jeff C. | -- | Jeff Chan | mailto:[EMAIL PROTECTED] | http://www.surbl.org/ |
RE: MailScanner versus Amavisd-new with postfix
> -Original Message- > From: Jeff Chan [mailto:[EMAIL PROTECTED] > Sent: Friday, October 27, 2006 9:54 AM > To: SpamAssassin Users > Subject: MailScanner versus Amavisd-new with postfix > > Not to start any flamewars, but does anyone have strong > opinions on MailScanner versus Amavisd-new for use with > postfix (and of course SpamAssassin and ClamAV)? > > In the old days it seemed Amavisd-new may have integrated > better with postfix, but is that no longer the case? Some > folks say MailScanner is faster and leaner. > > What gives? > > Jeff C. > -- > Jeff Chan > mailto:[EMAIL PROTECTED] > http://www.surbl.org/ > > Wietse Venema says that MailScanner uses unsupported methods to manipulate the queue that could (and has) lead to lost email. I don't know the full details, but it has been discussed much on the postfix list. My impression is that the condition is rare, but it does happen. Just a heads up. -DH CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. SPAM-FREE 1.0(2476)
Re: MailScanner versus Amavisd-new with postfix
Jeff Chan wrote: Not to start any flamewars, but does anyone have strong opinions on MailScanner versus Amavisd-new for use with postfix (and of course SpamAssassin and ClamAV)? In the old days it seemed Amavisd-new may have integrated better with postfix, but is that no longer the case? Some folks say MailScanner is faster and leaner. What gives? Jeff C. Jeff can't say I've compared the two, but I run MailScanner and it does have a couple of neat features recently - it's own MD5 cache of recent spam which speeds things up alot, and the inbuilt phishing testing (yeah ok this has been in a while). it also glues SA, 12 anti-virus engines, and it's own tests (like executables which has saved me a few times before the av people have updates). horses for courses, but it's nice to have a choice of amavis-new OR MailScanner. -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. **
MailScanner versus Amavisd-new with postfix
Not to start any flamewars, but does anyone have strong opinions on MailScanner versus Amavisd-new for use with postfix (and of course SpamAssassin and ClamAV)? In the old days it seemed Amavisd-new may have integrated better with postfix, but is that no longer the case? Some folks say MailScanner is faster and leaner. What gives? Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/