Linux Help
guides forums blogs
Home Desktops Distributions ISO Images Logos Newbies Reviews Software Support & Resources Linuxhelp Wiki

Welcome Guest ( Log In | Register )



Advanced DNS Management
New ZoneEdit. New Managment.

FREE DNS Is Back

Sign Up Now
> What Guides Would You Like To See?
Jim
post Jun 8 2004, 01:53 PM
Post #1


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,280
Joined: 19-November 03
From: University of Minnesota- TC
Member No.: 1,828



I am starting this thread and leaving it open so people can post ideas guides. Please don't post answers in this thread, just come in and say "I would like to see a guide on ...." and maybe somebody will write one. Just because you float it does not mean it will get writen, I just throught it would be a nice place for people to get ideas.

Again, please just post ideas for guides here and nothing else, that will help make it easy and slim lined.


--------------------
--Jim Lester
jim@linuxhelp.net

Distro: Gentoo
System: AMD Athlon 3000+ XP 2.166 GHz
NVIDIA nForce2 IGP Chipset
1GB 333 MHz DDR SDRAM
NVIDIA nForce2 Dual Head 64 MB Graphics

Server Distro: CentOS
Go to the top of the page
 
+Quote Post
 
Start new topic
Replies
eradrix
post Jan 4 2005, 06:26 AM
Post #2


Whats this Lie-nix Thing?
*

Group: Members
Posts: 7
Joined: 13-October 04
From: Switzerland (french side)
Member No.: 3,949



mail server install guide out of date?(about Part. 4, MailScanner install)


source: http://www.sng.ecs.soton.ac.uk/mailscanner.../cache/382.html


QUOTE
MailScanner Faq-O-Matic : (Category) Postfix :
The Politics behind Postfix and Mailscanner
The Politics behind Postfix and Mailscanner 12/26/2004 by Avery Day. Thanks for the help Drew Marshall. -----------------------------------------------------------------------------------------------------------------------------------------
In no way are the opinions written here reflective of the Mailscanner team or its community. These are the opinions of just one individual and a one day quest set out to understand the delicate politics between the Mailscanner and Postfix communities. Postfix is a awesome piece of software, this writing is in no way intended to offend anyone, its only intended to inform the reader of some interesting information. I am almost certain that this article will draw fire from a lot of people. It's a Dirty Job, But Someone's Got to Do It.

Lets face the simple facts, the Postfix community (mailing list) doesn't think so highly of Mailscanner when used with Postfix. It wasn't the Postfix authors who complained but the users themselves which lead to this witch hunt. Try even mentioning the word Mailscanner on the Postfix mailing list and your likely to be slapped silly. Just search through the Postfix mailing list archives and you will see what I mean. So this was written to summarize some basic information that I have put together.

The problem in the past is this: the Postfix developers had a problem with the way in which Mailscanner accessed Postfix to do its scanning of emails. The Postfix developers complained of the possibility of duplicated or truncated emails when Postfix and Mailscanner were used together. Postfix was designed to only interface with other processes using traditional methods, such as SMTP or LMTP, MailScanner doesn't use these methods but instead sits between the incoming (SMTP) process and the delivery process of many popular MTAs. Using this design, and in common with other MTA installations, Postfix was originally designed with two instances. One just to receive mail and defer the delivery process and the other to just make delivery. MailScanner sits in the middle moving mail from one instance to the other. Unfortunately this required that the active Postfix queue files would be accessed directly by Mailscanner. By placing mail in the deferred queue (explained here http://www.postfix.org/OVERVIEW.html#delivering) Postfix would re-examine the messages to see if they could be delivered yet. This examination while MailScanner was scanning and moving the mail from one process to another could and often did cause duplications or truncated messages.

Basically the Postfix developers strongly advised against doing this. They suggested instead that Mailscanner have its own SMTP engine that could talk to Postfix like Amavis does (explained here http://www.postfix.org/FILTER_README.html#...#simple_filter). The Postfix developers offered no other alternative than this. In my opinion Mailscanner is not designed nor should be designed to speak SMTP. Simplicity has been the key to Mailscanners success. Why make things more complicated than they need to be. Now I am not claiming to be a security expert but wouldn't giving Mailscanner the ability to talk SMTP open up a security concern when having another SMTP engine thrown into the whole delivery process. Besides that, wouldn't this also require more resources for Mailscanner to run, and additionally Postfix, with possibly another transaction that would need to be made (depending on the design). IMHO Mailscanner is virus scanning software not an SMTP engine.

Recently however some changes have been made to allow for a different approach. This new approach does not require Mailscanner to access the active queue. Nor does it require Postfix to be split into two instances. It is still however acessing the Postfix queue but not the active queue, thats the key. Now Instead Postfix puts all incoming email into a hold queue for scanning. By putting a simple line into the Postfix /etc/Postfix/header_checks file (explained here http://www.sng.ecs.soton.ac.uk/Mailscanner.../Postfix.shtml) all email is put into the hold queue where from what has been explained to me, this is a safe quiet place that Postfix is no longer actively accessing or changing. Its basically frozen in the process as far as Postfix is concerned. As stated in the man pages for the qmgr: hold = Messages that are kept "on hold" are kept here until someone sets them free (also see man header_checks). Now Mailscanner can safely access these emails in the Postfix hold queue for scanning and then pass it back into Postfix active queue for delivery. To me and a lot of other people this makes perfect sense. This is much simpler approach and takes far less resources and time than to have Mailscanner running its own SMTP engine just so it can talk to Postfix. But the Postfix community and possibly even the developers are still insisting that Mailscanner is not a viable AV scanner for Postfix systems. Respectively, if this is still the case then the Postfix developers need to say something so other solutions can be worked out. The idea behind putting the incoming emails into the hold queue for scanning has eliminated all of the risks that were associated with using Mailscanner and Postfix together in the past. The Postfix website is still insisting that Mailscanner is a risk http://www.Postfix.org/addon.html. With the new single instance Postfix setup configuration, I have not seen any proof that would lead me to believe that any problems may arise. After 2 months of using Mailscanner with postfix in the single instance setup design I have not experienced any problems.

Questions or comments, I can be reached here: schrock(at)dayzed.com
Go to the top of the page
 
+Quote Post

Posts in this topic
- Jim   What Guides Would You Like To See?   Jun 8 2004, 01:53 PM
- - Jim   I would like to see a guide on security, specifica...   Jun 8 2004, 01:54 PM
- - hughesjr   Jim, Only Admins, Mods, and Support Specialists c...   Jun 20 2004, 06:11 AM
- - Corey   We haven't had anything pinned in Tech Support...   Jun 21 2004, 09:27 AM
- - hughesjr   OK ... A guide that I think might be good is this:...   Jun 22 2004, 09:11 PM
- - lesio1974   I would be most grateful if somebody posted a comp...   Jun 22 2004, 09:35 PM
- - bhupee   hello friends can any body tell me which guide i s...   Jul 1 2004, 01:07 PM
- - Agret   How to setup VPN   Jul 15 2004, 05:15 AM
- - WERUreo   I would like to see a guide on setting up an SNMP ...   Jul 20 2004, 07:12 AM
- - rich   As a newbie, I think it would be good to see a gui...   Jul 27 2004, 12:11 AM
- - Vinz   Guides on installing Mandrake 10 or RedHat 9. vin...   Aug 3 2004, 06:30 AM
- - killawulf   Hi All, I would like to see a comprehensive Guide...   Aug 28 2004, 11:51 AM
- - imaginaxion   hughesjr thats pretty much what i would like to se...   Sep 1 2004, 04:15 PM
- - chrisfrankr   would like to see a simple guide to opening downlo...   Oct 24 2004, 10:29 AM
- - tomyalarie   I would like to see a guide on ProFTPD, setting vi...   Nov 2 2004, 11:36 AM
- - a beast of fire   I would like to see a guide for those users(like m...   Nov 18 2004, 11:33 AM
- - Boon72   as a totally new user to linux, having just instal...   Nov 19 2004, 08:34 AM
- - crash_systems   Being new to linux, I would like to see a guide on...   Dec 7 2004, 06:22 PM
- - mikalee   I would like to see a guide on how to connect with...   Dec 13 2004, 07:15 AM
- - kurt476   i would like to see a guide about how to do progra...   Dec 31 2004, 02:13 PM
|- - CuriousCarl   Am total newbee. I was worried about computer com...   Feb 27 2016, 09:29 PM
- - Ryu Himora   I would like to see a guide on how to acess files ...   Jan 4 2005, 02:11 AM
- - eradrix   mail server install guide out of date?(about Part....   Jan 4 2005, 06:26 AM
- - bearwood   Pretty much what Hughjr would like to see but a tw...   Jan 5 2005, 08:46 AM
- - cowdudy   I would like to see some emphasis on server securi...   Jan 8 2005, 01:48 AM
- - kingyoun   i would like to see a guide on write program.   Jan 21 2005, 08:36 AM
- - Termina   Seeing all these duplicate posts, tommorow (no sch...   Feb 8 2005, 12:28 PM
- - Hapi   how to set up most internet connections including ...   Feb 9 2005, 11:49 AM
- - Robert83   Hapi : you should do the same thing what I'm...   Feb 9 2005, 12:43 PM
- - nECrO1967   I will echo (pun intended) the request of the othe...   Mar 16 2005, 04:52 PM
- - newmoon   Hi: Thanks for asking! I'd like to see c...   May 9 2005, 10:03 AM
- - cturtle   Hello, Most things are mentioned before or are al...   May 23 2005, 04:15 PM
- - has to b androstendione   hi i would like to see a post on installing softw...   Jun 30 2005, 07:49 PM
- - has to b androstendione   QUOTE (hughesjr @ Jun 22 2004, 09:11 PM)OK .....   Jun 30 2005, 07:59 PM
- - docmur   Well I currently working on Fluxbox. It would be ...   Jul 9 2005, 08:56 AM
- - DS2K3   QUOTE there is no difference between a static and ...   Jul 9 2005, 09:57 AM
- - Roger   Hi all you Linux experts, I would like to see a pl...   Jul 29 2005, 02:18 AM
- - evanw   how to dual boot   Aug 13 2005, 10:07 PM
- - evanw   I�d like to se just a basic quick start guide.   Oct 22 2005, 12:15 PM
- - beltranix   not too sound lame, i am a newb, there i said it, ...   Dec 11 2005, 09:08 PM
- - Jim   The problem with trying to do a "pictorial...   Dec 11 2005, 11:00 PM
- - gdogg1987   As I am very new to linux and a very fluent window...   Mar 15 2006, 05:44 PM
- - ConfusedChild   There is one guide I came on looking for. Under in...   Apr 21 2006, 10:01 PM
- - clebrun   I would like to see guides on setting up various s...   May 22 2006, 02:38 PM
- - alex905   for new people you misses out compileing things an...   Jun 4 2006, 11:34 AM
- - DS2K3   Compilation is covered in the Wiki unser "sof...   Jun 5 2006, 01:34 PM
- - iamberad   I'd like to see an intro guide on how to confi...   Jun 24 2006, 07:44 PM
- - tuxsbrother   id like to see a guide on configuring the x server...   Nov 19 2007, 01:23 PM
- - get2gether   Seems to me that 'tvtime' is the flavor of...   Nov 24 2007, 05:54 PM
- - iamberad   Id (also) like to see a guide on devices with dri...   Nov 24 2007, 06:54 PM
- - northernrookie   i want to see a guide that can take you step by st...   Dec 29 2007, 05:12 PM
- - wrjamesjr   I would like to see a guide on how to get USB key ...   Oct 2 2008, 01:57 PM
- - michaelk   wrjamesjr, Welcome to Linuxhelp. FWIW RH 9 is obs...   Oct 2 2008, 05:50 PM
- - Luzifull   yess Ok Thankss! _______________________ G...   Jan 8 2011, 02:43 AM
- - kupr   Guide to GRUB: 1) Finding correct details to parti...   Aug 5 2011, 04:05 AM
- - Eugenecoleman   I do like Premium Guides. I think they really help...   Jan 12 2013, 05:08 AM
- - teguhonline7   OK ... A guide that I think might be good is this:...   Nov 17 2016, 09:35 AM
- - alisa01   When I log into my web server via SSH I see the in...   Sep 12 2017, 09:44 AM


Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 17th October 2017 - 11:05 PM