MSA & MTA & Milters Was [Re: Firewall and NAT]

Ow Mun Heng Ow.Mun.Heng at wdc.com
Wed Nov 3 11:03:15 UTC 2004 

On Wed, 2004-11-03 at 18:53, Paul Howarth wrote:
> Ow Mun Heng wrote:
> > On Wed, 2004-11-03 at 16:21, Paul Howarth wrote:
> >>Perhaps we should start again from first principles. They key difference
> >>between the MSA and the MTA is that the MSA is targeted at outgoing mail
> >>and the MTA is targeted at incoming mail. So clearly you are going to
> >>want anti-virus/spam etc. filters on the MTA to deal with the incoming
> >>menace. Whether you want such filters on the outgoing traffic is a
> >>matter of preference, but splitting the functionality between MTA and
> >>MSA gives you the option of not applying the same filters to outgoing
> >>traffic if you don't feel the need to have them.
> > 
> > 
> > Understood. Exactly what I want. How to implement that is still a
> > mystery to me right now. Because the MSA and the MTA port is up.
> > 
> > Evo is configured to use the MSA for mail delivery.
> > 
> > I just did a ethereal trace when sending messages locally.
> > 
> > I see this sort of exchanges..
> > 
> > Evo -> Port 587 (MSA)
> > (Then I see Clamav-milter being called )
> > --->Received: by clamav-milter<----
> > (then it gets passed to Spamc)
> > -->PROCESS SPAMC/1.3<---
> > (then I see the MSA port tells the connecting port)
> > -->Message accepted for delivery<--
> 
> Is this what you want (the milters)? I'm still composing a reply to another 
> email about having separate milters on the MSA and MTA.

On outgoing emails? No. I want them to bypass the MTA and go straight to
the MX. 

Hmm.. this may prove to be futile since in the company, with no I-net
access, emails gets set out via the FALLBACK_MX (whcih is actually the
SMART_HOST equilvalent, only better)

But hang on, sending local emails to local users still go through the
milters. Which I Don't want. 

Objective. All outgoing emails from Evo, gets sent to port 587, and then
goes to the recipient.

> 
> Which version of sendmail are you running?
> 
> >>You don't need an MTA (local or otherwise) to use fetchmail. You can use
> >>an MDA (Mail Delivery Agent) like procmail to handle delivery instead:
> > 
> > Then what about Spam/virus checks?
> 
> Procmail could filter the mail through spam and virus checkers, though 
> obviously this would be using a different mechanism than the milters, and 
> you'd have to consult the documentation for your spam/virus checkers on how to 
> do that. Personally I think that pushing them through your MTA is the best 
> solution.

I'm sticking with the MTA solution.

Thanks

More information about the fedora-list mailing list