hi,

> > you mention, leaving me with the problem on content scan, is that correct?
>
> Correct

ok. clear.

> > i'm using CLAMAV & SPAMASSASSIN. both of which can listen on either
> > UNIX socket or over TCP.
>
> Look at the content scanning stuff in the docs, you can configure the
> spam and malware scanner functionality to call a TCP socket. But this
> might not do what you want - I don't know if in these particular
> cases, Exim will pass the content to be scanned across the socket -
> I've a sneaky suspicion it just passes a path/filename - relying on
> the process the other end of the socket to open the content file
> directly.

the response i'd gotten earlier on _this_ was,

> The reality would be:
> Data      Flow           Type
> Message   edge -> core   AV scan
> Result    core -> edge   Hit/Not hit
> Message   edge -> core   SA Scan
> Result    core -> edge   SA report
> Message   edge -> core   Message delivery
>
> Note that the "Result" data is far smaller, in most cases, than the
> message itself; and that the first pass will only take place for
> messages with MIME parts of an appropriate type anyway (the malware
> condition is quite choosy, as it should be).

where i understood the WHOLE message is passed three times, in the case of a 'good' message.

guess i need to re-google & re-read :-/

> So you'd need to do this over NFS or similar. Getting nasty.

if you're correct in this, then yes, 'nasty'. and i'll look for another route ...

> > the message will make
> > multiple network traversals from "edge" to "core", even for an OK
> > message.
> Yes - is internal network traffic that expensive, though?

and there's my mentioned guess/sense rather than experience. it depends on what your definition of "that" is, i s'pose ...

> > per an earlier recommendation, i'd looked at ASSP as an SMTP proxy ---
> > but my understanding was that if deployed ON the "edge" router, the
> > 'work' would be done there as well ...
>
> I didn't mean an intelligent proxy like ASSP, which does indeed do the
> 'work', I meant a simple pass-through proxy - perhaps even just a
> reverse NAT.
> Then there's no work at all on the edge server.

ah. well that's what i do currently ... my exim box IS the lan-box, and NAT redirects port 25 traffic to the internal LAN box, port 25.

> In fact, you don't then need the edge server at all.

hm. the whole point of this exercise is to use the edge server to OFFLOAD load from the LAN/LAN-server, rejecting the "huge" majority of spam @ SMTP-chat at the edge, and to prevent suspect email from ever "setting foot" on the lan ...

i must muse on this, methinks.
