Loading ...
Sorry, an error occurred while loading the content.

Amavisd or multi-pipe?

Expand Messages
  • Ray Dzek
    Is there a general concensus on the prefered method for running something like clamAV and SA with postfix? Is there any significant disadvantage to just
    Message 1 of 2 , Feb 1, 2006
    • 0 Attachment
      Is there a general concensus on the prefered method for running something like clamAV and SA with postfix?  Is there any significant disadvantage to just passing the mail seperately through clamd and spamd vs using something like amavisd-new?
       
      Thanks in advance.
       

      Ray Dzek
      Net Ops / Helpdesk Supervisor
      Specialized Bicycle Components

       
    • Scott Russell
      ... I ve done both. On one box I used spamcheck.py from an older version of SA. The idea being that postifx pipes mail to spamcheck py which passes the mail
      Message 2 of 2 , Feb 1, 2006
      • 0 Attachment
        Ray Dzek wrote:
        > Is there a general concensus on the prefered method for running
        > something like clamAV and SA with postfix? Is there any significant
        > disadvantage to just passing the mail seperately through clamd and
        > spamd vs using something like amavisd-new?
        >
        I've done both. On one box I used spamcheck.py from an older version of
        SA. The idea being that postifx pipes mail to spamcheck py which passes
        the mail though spamd and back to spamcheck.py before lmtp delivery to
        Cyrus IMAPd. That seemed like a good idea at the time. The problem is
        that these other processes are no where nearly as reliable as postfix
        is! Once spamcheck.py had the email anything that went wrong usually
        resulted in a lost message (worst case) or a bounce (best case).

        On another box I pipe from postfix to spamc and feed back into postfix
        for delivery by lmtp to Cyrus IMAPd. Still using pipes, but much more
        reliable because spamc will always pass the mail back to postfix
        regardless of what spamd is doing. After spamc returns the mail to
        postfix delivery to Cyrus will happen or will be queued if the Cyrus
        lmtpd daemon isn't running. The weak link in this solution is that if
        for some reason spamc won't fire up (eg, test by setting perms to 644 on
        spamc!) postfix bounces the mail back rather than queues it for later
        retry. By the way, anyone have a solution for this other than "don't do
        that" ? :)

        Using a well established protocol like lmtp or smtp to pass the mail
        between postfix, SA/ClamAV, and your delivery is the way to go. The
        trade off is flexibility for the end user (site wide SA prefs vs
        per-user prefs, and no, amavis-new doesn't expose _all_ of spamassassin
        prefs, just the most common). Based on the volume of mail you're
        processing and the needs of your end users you'll have to decide what
        works best.

        If you do go with pipes, think about them carefully. Once the data
        stream (email message) is accepted by the pipe postfix is done with it
        and at that point any error control / recovery is up to the program you
        piped to! That's the point where you're most likely to loose mail in my
        experience.

        --
        Scott Russell <lnxgeek@...>
        IBM Linux Technology Center
      Your message has been successfully submitted and would be delivered to recipients shortly.