On Fri, Sep 19, 2003 at 11:29:16AM -0500, Sam MacDonald wrote: > My ISP is Visi and I have no problems with viruses thanks to Postini. > I did find 1 sobig that made it to my Postini account <delete>. Maybe > the cable companies need to implement Postini. It would save them time > and a lot of money. What a novel idea! ;-p It looks like Visi purchased the postini.com ISP product. Purchase! Hah! postfix + Amavisd-new + clamav + spamassassin works very well for us at CBS, thank you very much. ;-) Our setup currently looks like this: 1. SMTP Client connection to 25 (postfix) 1.1 Postfix checks ACL lists (whitelist, blacklist, DNSbl, etc) 1.1.1 Passes ACL, Accept for filtering 1.1.2 Fails ACL. Drop connection. 2. Filter message 2.1 Send message to localhost:10024 (amavis) 2.2 Amavisd-new receives message and performs virus checks (clamd) 2.2.1 If Virus, quarantine and send out notices to recip 2.3 Amavisd-new performs spam checks (spamassassin) 2.2.2 If Spam, label and pass for delivery 2.4 Amavisd-new delivers email 2.4.1 Send message to localhost:10025 (postfix) 3. Deliver message 3.1 Postfix accepts w/o ACL checks 3.2 Deliver messages to appropriate recipients Now, there's nothing special about having amavis, spamassassin, and clam antivirus on the localhost. We did have a separate machine running the filtering, but that one crashed on us recently and is being rebuilt. We could bypass the first step and send email directly to amavisd-new if we were allowed to change our MX records for cbs.umn.edu, but that presents some new and interesting problems itself. For example, postfix is not allowed to aggressively manage SMTP client connections to the domain servers. Amavisd-new doesn't have these sophisticated management methods, nor should it, IMHO. What I would really like to see with Postfix is a pluggable modules architecture that would allow you to customize the filtering process of email. Imagine a mod_python or mod_perl for postfix. Exim may be what I'm looking for, with its embedded perl interpretor. I'm not sure you can beat Exim for flexibility and scriptability. -- Chad Walstrom <chewie at wookimus.net> http://www.wookimus.net/ assert(expired(knowledge)); /* core dump */ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20030919/edcbe019/attachment.pgp