----- Original Message ----- From: "Kevin A. McGrail" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, June 22, 2004 8:23 AM Subject: [Mimedefang] Anti-SPAM for mailman mailing lists question
> I use mailman on our mailing list server. The mailing list server uses > procmail to call SA and since Mailman uses the alias file, emails go to the > list prior to being scanned for Virii. > > However, all of our mailman lists are on subdomains (i.e. mailman.pccc.com) > so it should be fairly easy to augment the system. > > My main concern is losing the bounce capabilities of MD by using the > stream_by_* functions. > > Therefore, my thought is to enable stream_by_recipient if one of the > recipients matches @mailman\. Has anyone ever done anything similar and is > there an easy way to tie in the SPAM test with ALL mailing lists instead of > one mailing list at a time? Idea #1 Have you considered running a separate instance of sendmail+MIMEDefang on an additional IP address? Just configure sendmail to bind to a specific IP address, and MX the mailman subdomains to that address (by name, of course!). That way you can run a completely custom filter appropriate to mailman without worrying about crossover (in fact, anything that looks like crossover is probably illegitimate!). Idea #2 Another approach that I'm less certain about (today isn't my "root thru the sendmail source code day") would be to add an additional IP address to the existing mail server, MX the lists to it and run your existing sendmail+MIMEDefang configuration. My logic is this: since the mailing lists are on a different hostname+IP address no MTA would ever connect to that address except to deliver to mailman recipients. If I'm correct, you would have the effect of stream_by_domain() taken care of before messages ever got to MIMEDefang at all. Again, if you see "crossover" where there are mailman and non-mailman recipients then either my idea is busted or it's a bad guy. The nifty thing about this approach is that you don't have to worry about running a two instances of MIMEDefang on a single box (which could get interesting!). If my logic is sound, idea #2 is much, much easier to implement and is likely to be more reliable. Chris Myers Networks By Design _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
