Confused about Mailscanner

I know what some of you are thinking "no not this dork again". Sorry its my obsessive personality I cant help it :)

I have a few questions to ask and maybe a few more depending on the answers I get. If it gets too involved or you feel its worth more than 500 points then don't hesitate to let me know, I will gladly open up a new post of needed :)

I have been running a postfix+spamassassin+procmail (sitewide setup with /etc/procmailrc) setup with Maildir. I would like to use Mailscanner but I am having a hard time understanding how my setup needs to adapt for Mailscanner to fit in. I have a few questions

I do not need procmail anymore for the MDA right? If I do not need procmail anymore how does spam that is tagged by spamassassin and Mailscanner get put in ~/Maildir/.spam/cur
Or do I still need procmail?

I really like how spammassassin tags spam and scores and reports on its results. How does mailscanner work? When mail arrives it gets scanned by mailscanner but then what. Lets say that it is spam and it get tags as such. Does it then get passed on to spamassassin for scanning also. See this is the part that is confusing to me. Would someone mind explaining to me how this works.

I am more interested in Mailscanner for filtering out mail with specific attachements than anything else at this point. The file filetype.rules.conf from what I understand controlls all of this. For example can I just do "deny exe" instead of "deny executable".

Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

troopernConnect With a Mentor Commented:
MailScanner is a neat tool for spam filtering, indeed.

Setting up MailScanner with postfix requires you do setup 2 daemons of postfix to be running. On for recieving mails, sending them to MailScanner for filtering. And when that's done MailScanner sends it to the next daemon that will take care of the maildir delivery.

MailScanner works like following:
It uses SpamAssassing for scanning spam mails, it is capable of spamscanning itself, but that function I don't really know the effectivity of since I've always used SpamAssassin with my MailScanner setups. In short: MailScanner uses SpamAssassin, and doesn't send to SA afterwards.

Denying executable probably means denying .exe, .com and other executable fileformats.
You should be able to do a "deny exe" without a doubt. But as far as I'm concerned it's bundled into "executable" since .exe is an executable filetype =).

I hope this helps you understanding MailScanner, I'm willing to answer more questions that might come up.
illtbaguAuthor Commented:
I have 2 postfix daemons setup and running, mailscanner is setup and tagging the headers.

When I think of excutable I think of
I have procmailrc setup on my home email server to delete any mail with these types of attachements and it works great. I will just use Mailscanner to do this for me now.

What antivirus works best with Mailscanner? What antivirus is the easyest to setup?

Here is how I picture things working as of right now without mailscanner
postfix ---> procmail ---> Maildir
                           |---------- > spamassassin

Here is how I picture things working with mailscanner ---> Mailscanner ---> postfix ---> procmail ---> Maildir
                                  |---------- > spamassassin

I would still need to use procmail if I would like all detected spam to get delivered to the users spam box. I didn't hear any arguments otherwise so I will just assume this is the standard way of doing things with mailscanner.

I can just call out procmail to be used in this file /etc/postfix/ like so
mailbox_command = /usr/bin/procmail
Am I right?

Thanks for your help
Yeah, you can call procmail like that.

You can add custom filetypes that is not allowed in MailScanner, right now I don't exactly remember how do to that. Haven't got it on a machine in within my reach, but the documentation that comes with MailScanner describes this good.

Procmail will probably be the best way of sorting messages to the users spambox. I haven't setup a similiar function in MailScanner myself yet.

Sorry for the late reply, I've been quite buzy lately with studies and Easter celebration...
Never miss a deadline with

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

Um, did you really look through the excellently commented /etc/MailScanner/MailScanner.conf file? Look at the section starting with
# What to do with spam
... Note that it is MailScanner that actually performs these actions (default is more or less "none" the disguise "deliver":-). Since it would be less than fruitful to let both samassassin and MailScanner do spam RBL lookups, you should probably lookat making sure only one does... ISTR MailScanner by default is configured to "do it itself":).
Note that both filename and filetype checking come into play, so look through/adjust both.

And you shouldn't _need_ any particular procmail filters for what you want to do, but you can (of course:-) have 'em;)

-- Glenn
illtbaguAuthor Commented:
So then If I don't need procmail how can I get all spam that has been tagged to be put in a folder called spam in the users mailbox? Before procmail did this. Are you saying that Mailscanner can do this for me?
GnsConnect With a Mentor Commented:
Nono, either I read you wrong, or the other way around:-).
Procmail is still superior for "per user" delivery, but... why deliver confirmed spam, when there is such a remote possibility of "false positives"? All the alternative settings for handling spam in MailScanner can make sense ... depending on situation.
For example, dropping confirmed spam with a
High Scoring Spam Actions = delete
and perhaps notifying the recipient that suspected spam has been quarantined and is available upon request with a
Spam Actions = store notify
or perhaps just convert the message to an attachment to the warning message and deliver it with a
Spam Actions = attachment deliver
would be a workable solution. Still using procmail for the users convenience... Or the admins:-)... to do further things with the message at local delivery.
It wouldn't make sense to remove procmail from the equation... It's to damn versatile a tool to give up:-). You/your users might still want to make arbitrary _other_ sortings of the incoming messages...
What I'm implying is that there are other ways of dealing with spam than a straight delivery... is all.

One good thing (in my book at least) is that MailScanner will enforce the same rules pretty much regardless of direction of the mail (incoming or outgoing), so even if you haven't done any "NDR-spamming measures" you'd still be pretty insulated (postfix'll be able to take care of that too... Of course... Especially if you've been smart enough to have configured recipient_maps (local and/or relay).

BTW, I'm using clam for antiviral scanning, and (since I'm "fronting M-Sexchange") at local deliver also have virusscan in its "groupshield for exchange" guise. I'd rather drop M-Sexchange in the dustbin, but... well, corporate politics..:-). Clam is very easy, as well as the MailScanner config...:-). But from a MailScanner perspective _any_ AV program will do (well, noting the virusscan strangeness about links:-).

-- Glenn
illtbaguAuthor Commented:
All Courses

From novice to tech pro — start learning today.