MSA & MTA & Milters Was [Re: Firewall and NAT]
Paul Howarth
paul at city-fan.org
Wed Nov 3 10:53:16 UTC 2004
Ow Mun Heng wrote:
> On Wed, 2004-11-03 at 16:21, Paul Howarth wrote:
>>Perhaps we should start again from first principles. They key difference
>>between the MSA and the MTA is that the MSA is targeted at outgoing mail
>>and the MTA is targeted at incoming mail. So clearly you are going to
>>want anti-virus/spam etc. filters on the MTA to deal with the incoming
>>menace. Whether you want such filters on the outgoing traffic is a
>>matter of preference, but splitting the functionality between MTA and
>>MSA gives you the option of not applying the same filters to outgoing
>>traffic if you don't feel the need to have them.
>
>
> Understood. Exactly what I want. How to implement that is still a
> mystery to me right now. Because the MSA and the MTA port is up.
>
> Evo is configured to use the MSA for mail delivery.
>
> I just did a ethereal trace when sending messages locally.
>
> I see this sort of exchanges..
>
> Evo -> Port 587 (MSA)
> (Then I see Clamav-milter being called )
> --->Received: by clamav-milter<----
> (then it gets passed to Spamc)
> -->PROCESS SPAMC/1.3<---
> (then I see the MSA port tells the connecting port)
> -->Message accepted for delivery<--
Is this what you want (the milters)? I'm still composing a reply to another
email about having separate milters on the MSA and MTA.
Which version of sendmail are you running?
>>You don't need an MTA (local or otherwise) to use fetchmail. You can use
>>an MDA (Mail Delivery Agent) like procmail to handle delivery instead:
>
> Then what about Spam/virus checks?
Procmail could filter the mail through spam and virus checkers, though
obviously this would be using a different mechanism than the milters, and
you'd have to consult the documentation for your spam/virus checkers on how to
do that. Personally I think that pushing them through your MTA is the best
solution.
Paul.
More information about the users
mailing list