MSA & MTA & Milters Was [Re: Firewall and NAT]

Ow Mun Heng Ow.Mun.Heng at wdc.com
Wed Nov 3 10:44:09 UTC 2004


On Wed, 2004-11-03 at 16:21, Paul Howarth wrote:
> On Wed, 2004-11-03 at 06:43, Ow Mun Heng wrote:
> > 
> > assuming these :
> > 
> > 1. MSA on port 587, MTA on port 25.
> > 2. Milters running on port 25
> > 3. No Milters running on port 587.
> > 4. Incoming external mail goes to port 25
> > 5. Internal outgoing mail goes to port 587
> >     (SMTP AUTH/TLS etc)
> > 
> > that outgoing mails are _not_ scanned by any milters (to save cpu
> > cycles). ( I still need to check on that - I just did, since my
> > submit.mc points my msp to localhost, it's getting miltered. Drats)
> 
> Perhaps we should start again from first principles. The key difference
> between the MSA and the MTA is that the MSA is targeted at outgoing mail
> and the MTA is targeted at incoming mail. So clearly you are going to
> want anti-virus/spam etc. filters on the MTA to deal with the incoming
> menace. Whether you want such filters on the outgoing traffic is a
> matter of preference, but splitting the functionality between MTA and
> MSA gives you the option of not applying the same filters to outgoing
> traffic if you don't feel the need to have them.

Understood. Exactly what I want. How to implement that is still a
mystery to me right now, because the MSA and the MTA ports are up.

Evo is configured to use the MSA for mail delivery.

I just did an Ethereal trace when sending messages locally.

I see this sort of exchange:

Evo -> Port 587 (MSA)
(Then I see Clamav-milter being called )
--->Received: by clamav-milter<----
(then it gets passed to Spamc)
-->PROCESS SPAMC/1.3<---
(then I see the MSA port tells the connecting port)
-->Message accepted for delivery<--

> 
> > > fetchmail can deliver the fetched mail differently than just to a
> > > running MTA on port 25.
> > 
> > Are you talking about the -S option for fetchmail?
> > (Keyword:  smtp[host])  Specify  
[snip]
> You don't need an MTA (local or otherwise) to use fetchmail. You can use
> an MDA (Mail Delivery Agent) like procmail to handle delivery instead:
> 

Then what about Spam/virus checks?



