Luis Daniel Lucio Quiroz a écrit :
> Hey Robert
>
> I know, amavis is the best antispam machine for SA+Clamv, but I have a little
> box, 256MB or ram and no swap (dont ask why). There for, because amavis is
> running under perl, it use alot of memory and then I'm having pipe errors.
>
if you think perl is bad because it's perl, then you're on the wrong
list ;-p
> I've found how to use SA+CLAM+Postfix without Amavis.
and can you tell us how you do that?
don' tell me you are fork/exec-ing scripts...
> However, just for
> informative reasons I'll explain you why I wont use milters.
>
> Because postfix arch. email flux is like this:
> -> pre-queue filtering -> postfix filtering (queue) -> post-queue filtering ->
postfix provides:
- smtpd access restrictions (before queue)
- (simple) header/body checks (before queue)
- milters (depends on what the milter does)
- proxy filters ("proxy mode")
- content filter ("after queue" filter)
ideally, an ideal combination is ideal. but which combination is ideal
depends on the situation. in any case, tuning without measurement is
always wrong.
>
> This suggest that all email is got first by pre -queue filtering. This is
> not
> useful for heavy-load boxes because if you set this SA as a milter (postfix
> only supports milters in pre-queue) then SA will get 100% of load.
>
"This" is wrong.
> I rather prefer to set it in post-queue (i got using pipe at master.cf)
I also prefer post-queue, but for different reasons.
> because, postfilx filtering (such as helo restriction, fqdn restrictions,
> client restrictions, including rbl - but i'll use this in SA-) could be
> applied first and then SA only will get 60% of all mails. In many
> installations I've set, I stop much spam using helo-fqdn restriction
> therefore
> SA and hole machine have a low load. Postfix basic filtering it is much
> faster and cheaper than SA's.
you have much (unjustified) "prejugés"... if you only check IPs, then a
basic IP filter is the best you can do. but if you want more, then you
need more...
if you want a minimum overhead specialized MTA, then no available open
source MTA will do. and no "generic" OS will do. but the advantages of
"generic" solutions (OSes or servers) generally outweight the costs.
