[xmail] Re: Problem with spool file
Thank you, Davide: it works.
The disk space was ok, and there were no problems with files or directories.
I'm investigating what was the "crash" source.

Sergio

Davide Libenzi wrote:

>On Wed, 29 Dec 2004, Sergio Perrone wrote:
>
>>Hi !
>>I have a Xmail 1.20 production server over W2000 with problems since 2 days ago.
>>It was running nicely during 8 months without any problem.
>>Now, it receives messages but does not deliver them to the mailboxes.
>>Event viewer shows a few events about Xmail with error "554: error loading spool file".
>>I've tried to run Xmail in debug mode, but the problems still remains.
>>
>>How can I rebuild the spool file, or fix it?
>>The W2000 is working normal (or it seems to).
>
>Do you have free space on the partition where XMail lives?
>Try to run a disk check to verify it is not b0rken. If it is fine, and you
>have enough free space, try to stop XMail and remove all the directories
>that start with a number inside the spool directory. Then, restart XMail.
>
>- Davide
[xmail] Re: AV and SA
Actually, I got the older builds to work stable up to 50 or so simultaneous connections (that's the most I get). The newer ones (about 3 months ago last tested) were problematic. I think the author tried to put too much into it and now has lost control of his code. But I'm hoping he'll get it all fixed up (if it isn't already).

The only real issue I had was with IPs getting crossed with that LSP component. So, I used a script in eWall to write the IPs instead of the mail server.

Jason J Ellingson
Sr. Web Software Developer

615.301.1682 : nashville
612.605.1132 : minneapolis

www.ellingson.com
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shiloh Jennings
Sent: Wednesday, December 29, 2004 2:27 PM
To: xmail@xmailserver.org
Subject: [xmail] Re: AV and SA

Have you ever gotten eWall to be 100% stable in high volume environments? We could not. Maybe the newer builds of eWall are more stable, though.
[xmail] Re: AV and SA
Have you ever gotten eWall to be 100% stable in high volume environments? We could not. Maybe the newer builds of eWall are more stable, though.
[xmail] Re: AV and SA
I'm glad to see that we are in agreement on these topics.

Another idea could be to separate your inbound email servers from the pop3 server. Then you could have several inbound servers (via multiple MX records at same weight or a load balancing box to redirect incoming connections) that do all the work and then forward on to the POP3 server. I see Michal has a nice sync utility to do this...

Or if you wanted to avoid the setup of actual mail servers (but don't want to lose your user lists for RCPT TO checks), check out eWall by serversidesolutions (sssolutions.net). I own it (site license... whew!) and it does work good (not currently using it though). Think of it as an inline proxy... the client and servers talk to each other, but eWall can jump in at any point (according to any rules you set up) and then do whatever you want (such as AV and spam scanning).

Jason J Ellingson
Sr. Web Software Developer

615.301.1682 : nashville
612.605.1132 : minneapolis

www.ellingson.com
[EMAIL PROTECTED]
[xmail] Re: Problem with spool file
On Wed, 29 Dec 2004, Sergio Perrone wrote:

> Hi !
> I have a Xmail 1.20 production server over W2000 with problems since 2 days ago.
> It was running nicely during 8 months without any problem.
> Now, it receives messages but does not deliver them to the mailboxes.
> Event viewer shows a few events about Xmail with error "554: error loading spool file".
> I've tried to run Xmail in debug mode, but the problems still remains.
>
> How can I rebuild the spool file, or fix it?
> The W2000 is working normal (or it seems to).

Do you have free space on the partition where XMail lives?
Try to run a disk check to verify it is not b0rken. If it is fine, and you have enough free space, try to stop XMail and remove all the directories that start with a number inside the spool directory. Then, restart XMail.

- Davide
[xmail] Problem with spool file
Hi !
I have a Xmail 1.20 production server over W2000 with problems since 2 days ago.
It was running nicely during 8 months without any problem.
Now, it receives messages but does not deliver them to the mailboxes.
Event viewer shows a few events about Xmail with error "554: error loading spool file".
I've tried to run Xmail in debug mode, but the problems still remains.

How can I rebuild the spool file, or fix it?
The W2000 is working normal (or it seems to).

Thank you.

Sergio

Thank you
[xmail] Re: Source code question
On Wed, 29 Dec 2004, Luca Giuranna wrote:

> If I'm not wrong, I noticed that if I send a message telnetting to port 25 and add a "Message_Id:" header to the message I'm sending, this header is retained by xmail: when I then receive the message, it contains the same Message_Id header I inserted. Xmail does not replace it with a new Message_Id header.
> That's good for me because I need to log this message_id into the smtp log.
>
> I went to the source code, looking for a way to add a column to the smtp log (I'm not skilled in c++).
> I think I know how to add a column to the smtp log file, maybe by changing this method in SMTPSvr.cpp:

Message IDs that XMail generates are server-wide, and XMail does not care at all of MUA/account specific ones that are listed inside the message headers.

- Davide
[xmail] Source code question
If I'm not wrong, I noticed that if I send a message telnetting to port 25 and add a "Message_Id:" header to the message I'm sending, this header is retained by xmail: when I then receive the message, it contains the same Message_Id header I inserted. Xmail does not replace it with a new Message_Id header.
That's good for me because I need to log this message_id into the smtp log.

I went to the source code, looking for a way to add a column to the smtp log (I'm not skilled in c++).
I think I know how to add a column to the smtp log file, maybe by changing this method in SMTPSvr.cpp:

==
static int SMTPLogSession(SMTPSession & SMTPS, char const *pszSender,
                          char const *pszRecipient, char const *pszStatus,
                          unsigned long ulMsgSize)
{
    char szTime[256] = "";

    MscGetTimeNbrString(szTime, sizeof(szTime) - 1);

    RLCK_HANDLE hResLock = RLckLockEX(SVR_LOGS_DIR SYS_SLASH_STR SMTP_LOG_FILE);

    if (hResLock == INVALID_RLCK_HANDLE)
        return (ErrGetErrorCode());

    char szIP[128] = "???.???.???.???";

    MscFileLog(SMTP_LOG_FILE, "\"%s\""
               "\t\"%s\""
               "\t\"%s\""
               "\t\"%s\""
               "\t\"%s\""
               "\t\"%s\""
               "\t\"%s\""
               "\t\"%s\""
               "\t\"%s\""
               "\t\"%s\""
               "\t\"%s\""
               "\t\"%lu\""
               "\t\"%s\""
               "\n", SMTPS.szSvrFQDN, SMTPS.szSvrDomain,
               SysInetNToA(SMTPS.PeerInfo, szIP), szTime,
               SMTPS.szClientDomain, SMTPS.szDestDomain, pszSender, pszRecipient,
               SMTPS.szMessageID, pszStatus, SMTPS.szLogonUser, ulMsgSize,
               SMTPS.szClientFQDN);

    RLckUnlockEX(hResLock);

    return (0);
}
==

But I was not able to understand if, from inside this method, the Message_Id header is available for logging.
Is the Message_Id header available here? How I can retrieve it?

Thank You very much.

--
Luca Giuranna
[xmail] Re: AV and SA
1) Most of the popular viruses are not very big. My main virus concern is the fast spreading email worms. This solution is blocking those nicely. There is always a potential with any solution that something might slip by the filtering. I am not overlooking that. I may need to do some tweaking at some point to maintain the effectiveness of this solution if a really large worm were released.

2) Think of this in terms of resource allocation. Some box in my datacenter will need to filter AV. It will either be an email server or one of the clustered SA boxes. I hate getting complaints about email server performance, so I would rather place the load of AV scanning onto the SA cluster. Also, my SA cluster is made up of all of the old servers that we no longer want to use for web or email hosting, so there is not really a cost associated with the SA cluster.

3) I agree this could make a mess of the bayes DB pretty quickly, so we have left autolearning disabled. But this is not a problem, because I am not a fan of bayes autolearning anyway. I have always felt AL only reinforced mistakes. Manual training is always the best answer for bayes in my experience.

We are running ClamD on the SA boxes. The performance of ClamD for doing a large volume of email is much better than calling clamscan each time. If you look at the clamav plugin code, you will see that the plugin uses a perl module for connecting to ClamD over TCP. So SpamD does not even need to spawn clamdscan to talk to ClamD. It just connects directly using TCP.

I respect your opinion about filtering solutions. You obviously have invested a considerable amount of time into thinking about these solutions. I think it is awesome that we can have such discussions about all of the various ways of solving the virus and spam problems. Personally, I think we need to stop worrying about virus and spam separately. I think we need a "garbage filter" that catches everything instead of separate solutions for each thing. The way I look at it, garbage is garbage regardless of how it smells. This solution does let me offload all of the garbage filtering to an inexpensive cluster of boxes, which allows my email servers to perform better.
[xmail] Re: AV and SA
The way I look at it, it does not matter. My only concern is to move the AV and SA stuff off of the email servers and onto its own cluster of boxes. Once AV and SA are on their own cluster of boxes, there is no limit to how much hardware I can dedicate to AV and SA.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Wu
Sent: Tuesday, December 28, 2004 8:31 PM
To: xmail@xmailserver.org
Subject: [xmail] Re: AV and SA

It is a question I think for some time.

Do you do AV first, then SA, or SA first and then AV??

Tony

On Tue, 28 Dec 2004 17:21:14 -0600, Jason J. Ellingson <[EMAIL PROTECTED]> wrote:
> *** JUST AN OPINION - PLEASE TAKE WITH A GRAIN OF SALT ***
>
> I think it is a great idea. However, here is why I choose not to do it that way:
>
> 1) Only scans those messages under 250KB or whatever limit you set on SPAMC. This misses any potentially infected files a friend might send you in a larger attachment.
>
> 2) Resources used more. The message is now sent to the SA box(es) regardless of potential infection status. And unless there is a quick abort available in SPAMD for an infected message, the email will get fully checked by all rules RBLs, SPF, etc... all completely unnecessary.
>
> 3) Can hurt BAYES/AWL databases... if the virus infected email is ever written with the REAL source email address (which nearly none do currently unless accidentally zipped into an attachment by an infected user), the databases will effectively blacklist that user. -- AWL is stored by IP subnet/email address pairs.
>
> And as a side note, hopefully you are using ClamD to scan those emails... much faster than serial execution checking.
>
> This is why I still stick to a policy of anti-virus scanners for viruses, and anti-spam scanners for spam messages... and checked in that order.
>
> AGAIN, just an opinion by me and is not to be considered fact, or even a qualified opinion. Plus, I reserve the right to change my mind.
>
> Jason J Ellingson
> Sr. Web Software Developer
>
> 615.301.1682 : nashville
> 612.605.1132 : minneapolis
>
> www.ellingson.com
> [EMAIL PROTECTED]
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shiloh Jennings
> Sent: Tuesday, December 28, 2004 10:14 AM
> To: xmail@xmailserver.org
> Subject: [xmail] AV and SA
>
> Previously, I had been running ClamAV and SpamC on each of my email servers. SpamD was running on a cluster of FreeBSD boxes. I had always wanted a solution to move ClamAV off of the email servers and onto the SA boxes. I finally found a solution:
> http://wiki.apache.org/spamassassin/ClamAVPlugin
>
> We have been using that since it came out and it has been working flawlessly. Anybody running SA on a dedicated Linux or FreeBSD box might want to consider running the ClamAV Plugin for SA. The only tweak I made was switching the CLAMAV score from 10 to 300. I let my customers set their threshold as high as 100, and needed to make sure virus emails always scored well beyond their threshold.
>
> Also, I made a Win32 compile of the spamc that shipped with SA3. I was able to fully eliminate the need for CygWin on my Windows based XMail servers by doing that in addition to moving ClamAV to the SA boxes. I simply ran the SA installer on a Windows box that had VC5 installed in order to build the native Win32 spamc.exe, but there are also ways to do it for free. If you need to build spamc.exe for free, check out the following article:
> http://wiki.apache.org/spamassassin/BuildSpamcOnWindowsForFree
>
> Anyway, I figured I would pass this on in case any other hosts were looking for similar solutions.

--
My Blog - http://tony1986.blogspot.com/
[xmail] Re: Mysterious Bounce
Wow, thanks. I was hoping it would be something simple like that. That user has a real problem with spelling. I'll have to get onto him for that.

Thanks

Dustin C. Hatch
http://www.dchweb.com/

Sönke Ruempler wrote:

>Hi, I think the error is here (spelling):
>
>>Mail From: <[EMAIL PROTECTED]>
>
>Isn't it? ;-)
>
>>Rcpt To: <[EMAIL PROTECTED]>
>>Server: [207.179.102.146]
>>
>>[<02>] The reason of the delivery failure was:
>>
>>501 5.1.8 Sender domain must have a DNS MX or A/CNAME record.
>>
>>[<04>] Here is listed the message log file:
>>
>>[PeekTime] 1104070313 : Sun, 26 Dec 2004 08:11:53 -0600 <<
>>ErrCode = -81
>>ErrString = [MAIL FROM:] not permitted by remote SMTP server
>>ErrInfo = 501 5.1.8 Sender domain must have a DNS MX or A/CNAME record.
>>SMAIL SMTP-Send MX = "smtp.acd.net." SMTP = "dchweb.com" From = "[EMAIL PROTECTED]" To = "[EMAIL PROTECTED]" Failed !
>>SMTP-Error = "501 5.1.8 Sender domain must have a DNS MX or A/CNAME record." SMTP-Server = "smtp.acd.net."
[xmail] Re: AV and SA
There is no 'BEST WAY'. Your security policies generally define what to do.

First example:
If you DON'T WANT to DROP ANY infected mail, because you don't want to miss the (IMO 'little') number of legitimate mails that was infected, then you can process in any order you want as the mail must pass all tests to be scored and then finally eventually dropped/bounced/delivered ...

Second example:
Assuming your security policy is to simply DROP any infected viruses, why try to run any other test when you already know that the message is infected?
So perform scan, and if virus found, drop it, else pass to spamassassin and other filters ...

A sample security policy we adopt in our company:

1- Test for spf: if source domain have no spf record go to next step, but if source domain have a spf record go to next step only if sender ip is ok else drop.
2- Test for smtp AUTH: if authenticated smtp session go directly to test 5
3- Test for blacklists (drop if present else go to next step)
4- Test for greylisting and go to next step if ok
5- Test for viruses: drop any infected mail without notifications to sender and receiver (as we assume that actually 99% infected mails are self generated, don't waste resources ...) else go to next step
- Test for anti-spam and depending of score, pass, bounce or drop

If spamassassin first job is to scan for viruses, and, with a selectable option, can simply skip other tests if viruses are found, then yes, only sending the mail to spamassassin is ok for us.

The question is: Can spamassassin run this way? I don't know yet (I'm not a spamassassin expert ...)

Francis

-Original Message-
From: Tony Wu [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 29, 2004 03:31
To: xmail@xmailserver.org
Subject: [xmail] Re: AV and SA

It is a question I think for some time.

Do you do AV first, then SA, or SA first and then AV??

Tony

On Tue, 28 Dec 2004 17:21:14 -0600, Jason J. Ellingson <[EMAIL PROTECTED]> wrote:
> *** JUST AN OPINION - PLEASE TAKE WITH A GRAIN OF SALT ***
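
The check order from the sample policy in the message above, written out as a short-circuiting decision function that also records which checks actually ran. This is an added example, not part of any post in this thread and not code from XMail, SpamAssassin or ClamAV; the `Message` fields, the `DEFER` verdict for a greylisting miss and the two score thresholds are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple


class Verdict(Enum):
    DELIVER = "deliver"
    DROP = "drop"
    BOUNCE = "bounce"
    DEFER = "defer"  # assumption: a greylisting miss is a temporary reject


@dataclass
class Message:
    # Constructed inputs standing in for the results of real lookups/scanners.
    spf: Optional[bool]          # None = sender domain publishes no SPF record
    authenticated: bool = False  # SMTP AUTH session
    blacklisted: bool = False
    greylist_ok: bool = True
    infected: bool = False
    spam_score: float = 0.0


# Assumed thresholds; the post only says "pass, bounce or drop" by score.
BOUNCE_AT = 5.0
DROP_AT = 15.0


def evaluate(msg: Message) -> Tuple[Verdict, List[str]]:
    """Apply the policy steps in order; stop at the first decisive one.

    Returns the verdict and the list of checks that were executed, so the
    cost of each ordering is visible (the AV-before-SA question in the thread).
    """
    ran: List[str] = []

    # Step 1: no SPF record passes through; a published record must match.
    ran.append("spf")
    if msg.spf is False:
        return Verdict.DROP, ran

    # Step 2: authenticated sessions jump straight to the virus test.
    ran.append("auth")
    if not msg.authenticated:
        # Step 3: blacklists.
        ran.append("blacklist")
        if msg.blacklisted:
            return Verdict.DROP, ran
        # Step 4: greylisting.
        ran.append("greylist")
        if not msg.greylist_ok:
            return Verdict.DEFER, ran

    # Step 5: infected mail is dropped silently; the spam scan never runs.
    ran.append("antivirus")
    if msg.infected:
        return Verdict.DROP, ran

    # Last step: score-based outcome.
    ran.append("antispam")
    if msg.spam_score >= DROP_AT:
        return Verdict.DROP, ran
    if msg.spam_score >= BOUNCE_AT:
        return Verdict.BOUNCE, ran
    return Verdict.DELIVER, ran


def antispam_runs(messages: List[Message]) -> int:
    """Count how many messages reached the (expensive) anti-spam step."""
    return sum("antispam" in evaluate(m)[1] for m in messages)


if __name__ == "__main__":
    # Constructed sample traffic.
    samples = [
        Message(spf=None, infected=True, spam_score=20.0),
        Message(spf=True, authenticated=True, blacklisted=True),
        Message(spf=False),
        Message(spf=True, spam_score=7.0),
    ]
    for m in samples:
        verdict, ran = evaluate(m)
        print(verdict.value, ran)
    print("anti-spam scans:", antispam_runs(samples), "of", len(samples))
```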