MSA & MTA & Milters Was [Re: Firewall and NAT]

[Paul Howarth]

Ow Mun Heng wrote:
> On Wed, 2004-11-03 at 16:21, Paul Howarth wrote:
>>Perhaps we should start again from first principles. They key difference
>>between the MSA and the MTA is that the MSA is targeted at outgoing mail
>>and the MTA is targeted at incoming mail. So clearly you are going to
>>want anti-virus/spam etc. filters on the MTA to deal with the incoming
>>menace. Whether you want such filters on the outgoing traffic is a
>>matter of preference, but splitting the functionality between MTA and
>>MSA gives you the option of not applying the same filters to outgoing
>>traffic if you don't feel the need to have them.
> 
> 
> Understood. Exactly what I want. How to implement that is still a
> mystery to me right now. Because the MSA and the MTA port is up.
> 
> Evo is configured to use the MSA for mail delivery.
> 
> I just did a ethereal trace when sending messages locally.
> 
> I see this sort of exchanges..
> 
> Evo -> Port 587 (MSA)
> (Then I see Clamav-milter being called )
> --->Received: by clamav-milter<----
> (then it gets passed to Spamc)
> -->PROCESS SPAMC/1.3<---
> (then I see the MSA port tells the connecting port)
> -->Message accepted for delivery<--

Is this what you want (the milters)? I'm still composing a reply to another 
email about having separate milters on the MSA and MTA.

Which version of sendmail are you running?

>>You don't need an MTA (local or otherwise) to use fetchmail. You can use
>>an MDA (Mail Delivery Agent) like procmail to handle delivery instead:
> 
> Then what about Spam/virus checks?

Procmail could filter the mail through spam and virus checkers, though 
obviously this would be using a different mechanism than the milters, and 
you'd have to consult the documentation for your spam/virus checkers on how to 
do that. Personally I think that pushing them through your MTA is the best 
solution.

Paul.