Confused about Mailscanner

Posted on 2004-04-09
Last Modified: 2008-02-01
I know what some of you are thinking: "no, not this dork again". Sorry, it's my obsessive personality, I can't help it :)

I have a few questions to ask and maybe a few more depending on the answers I get. If it gets too involved or you feel it's worth more than 500 points then don't hesitate to let me know, I will gladly open up a new post if needed :)

I have been running a postfix+spamassassin+procmail (sitewide setup with /etc/procmailrc) setup with Maildir. I would like to use Mailscanner but I am having a hard time understanding how my setup needs to adapt for Mailscanner to fit in. I have a few questions.

I do not need procmail anymore for the MDA, right? If I do not need procmail anymore, how does spam that is tagged by spamassassin and Mailscanner get put in ~/Maildir/.spam/cur?
Or do I still need procmail?

I really like how spamassassin tags spam and scores and reports on its results. How does mailscanner work? When mail arrives it gets scanned by mailscanner, but then what? Let's say that it is spam and it gets tagged as such. Does it then get passed on to spamassassin for scanning also? See, this is the part that is confusing to me. Would someone mind explaining to me how this works?

I am more interested in Mailscanner for filtering out mail with specific attachments than anything else at this point. The file filetype.rules.conf, from what I understand, controls all of this. For example, can I just do "deny exe" instead of "deny executable"?

Question by:illtbagu

Accepted Solution

troopern earned 250 total points
ID: 10796115
MailScanner is a neat tool for spam filtering, indeed.

Setting up MailScanner with postfix requires you to set up 2 daemons of postfix to be running. One for receiving mails, sending them to MailScanner for filtering. And when that's done MailScanner sends it to the next daemon that will take care of the maildir delivery.

MailScanner works like the following:
It uses SpamAssassin for scanning spam mails, it is capable of spamscanning itself, but that function I don't really know the effectivity of since I've always used SpamAssassin with my MailScanner setups. In short: MailScanner uses SpamAssassin, and doesn't send to SA afterwards.

Denying executable probably means denying .exe, .com and other executable fileformats.
You should be able to do a "deny exe" without a doubt. But as far as I'm concerned it's bundled into "executable" since .exe is an executable filetype =).

I hope this helps you understand MailScanner, I'm willing to answer more questions that might come up.

Author Comment

ID: 10797828
I have 2 postfix daemons setup and running, mailscanner is setup and tagging the headers.

When I think of executable I think of
I have procmailrc set up on my home email server to delete any mail with these types of attachments and it works great. I will just use Mailscanner to do this for me now.

What antivirus works best with Mailscanner? What antivirus is the easiest to set up?

Here is how I picture things working as of right now without mailscanner
postfix ---> procmail ---> Maildir
                           |---------- > spamassassin

Here is how I picture things working with mailscanner ---> Mailscanner ---> postfix ---> procmail ---> Maildir
                                  |---------- > spamassassin

I would still need to use procmail if I would like all detected spam to get delivered to the user's spam box. I didn't hear any arguments otherwise so I will just assume this is the standard way of doing things with mailscanner.

I can just call out procmail to be used in this file /etc/postfix/ like so
mailbox_command = /usr/bin/procmail
Am I right?

Thanks for your help

Expert Comment

ID: 10818483
Yeah, you can call procmail like that.

You can add custom filetypes that are not allowed in MailScanner, right now I don't exactly remember how to do that. Haven't got it on a machine within my reach, but the documentation that comes with MailScanner describes this well.

Procmail will probably be the best way of sorting messages to the user's spambox. I haven't set up a similar function in MailScanner myself yet.

Sorry for the late reply, I've been quite busy lately with studies and Easter celebration...

Expert Comment

ID: 10824750
Um, did you really look through the excellently commented /etc/MailScanner/MailScanner.conf file? Look at the section starting with
# What to do with spam
... Note that it is MailScanner that actually performs these actions (default is more or less "none" the disguise "deliver":-). Since it would be less than fruitful to let both spamassassin and MailScanner do spam RBL lookups, you should probably look at making sure only one does... ISTR MailScanner by default is configured to "do it itself":).
Note that both filename and filetype checking come into play, so look through/adjust both.

And you shouldn't _need_ any particular procmail filters for what you want to do, but you can (of course:-) have 'em;)

-- Glenn
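
A simplified model of the filename versus filetype distinction mentioned above, added here as an example (it is not MailScanner's code and not from the thread): filename rules are regexes tested against the attachment's name, filetype rules against the description the `file` command gives for its content. The rule lines and `file` descriptions are constructed samples; first-match-wins evaluation and case-insensitive matching are assumptions of this model.

```python
import re

# Constructed sample rules in the TAB-separated layout of MailScanner's
# filename.rules.conf / filetype.rules.conf:
#   action <TAB> regex <TAB> log text <TAB> user report text
FILENAME_RULES = (
    "deny\t\\.exe$\tWindows executable\tExecutable attachments are not allowed\n"
    "allow\t.*\t-\t-\n"
)
FILETYPE_RULES = (
    "allow\ttext\t-\t-\n"
    "deny\texecutable\tNo executables\tNo programs allowed\n"
)

def parse_rules(text):
    """Parse rules-file text into [(action, compiled_regex, log_text)]."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        # Real files often pad columns with several tabs; drop empty fields.
        fields = [f for f in line.split("\t") if f]
        if len(fields) < 2:
            continue  # not a rule line
        log = fields[2] if len(fields) > 2 else "-"
        # Assumption of this model: patterns are matched case-insensitively.
        rules.append((fields[0].lower(), re.compile(fields[1], re.I), log))
    return rules

def first_match(rules, subject):
    """Return (action, log_text) of the first rule whose regex matches."""
    for action, regex, log in rules:
        if regex.search(subject):
            return action, log
    return "allow", "-"  # assumption: no matching rule means no objection

def check_attachment(name, file_description, name_rules, type_rules):
    """Deny when either the filename check or the filetype check denies."""
    checks = (("filename", name_rules, name),
              ("filetype", type_rules, file_description))
    for kind, rules, subject in checks:
        action, log = first_match(rules, subject)
        if action.startswith("deny"):  # any deny variant blocks the attachment
            return ("deny", kind, log)
    return ("allow", None, "-")
```

In this model a filetype pattern of `exe` is a substring regex against the `file` description, so it matches the word `executable`; a test on the extension, such as `\.exe$`, belongs in the filename rules.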

Author Comment

ID: 10825730
So then if I don't need procmail, how can I get all spam that has been tagged to be put in a folder called spam in the user's mailbox? Before, procmail did this. Are you saying that Mailscanner can do this for me?

Assisted Solution

Gns earned 250 total points
ID: 10831087
Nono, either I read you wrong, or the other way around:-).
Procmail is still superior for "per user" delivery, but... why deliver confirmed spam, when there is such a remote possibility of "false positives"? All the alternative settings for handling spam in MailScanner can make sense ... depending on situation.
For example, dropping confirmed spam with a
High Scoring Spam Actions = delete
and perhaps notifying the recipient that suspected spam has been quarantined and is available upon request with a
Spam Actions = store notify
or perhaps just convert the message to an attachment to the warning message and deliver it with a
Spam Actions = attachment deliver
would be a workable solution. Still using procmail for the users convenience... Or the admins:-)... to do further things with the message at local delivery.
It wouldn't make sense to remove procmail from the equation... It's too damn versatile a tool to give up:-). You/your users might still want to make arbitrary _other_ sortings of the incoming messages...
What I'm implying is that there are other ways of dealing with spam than a straight delivery... is all.

One good thing (in my book at least) is that MailScanner will enforce the same rules pretty much regardless of direction of the mail (incoming or outgoing), so even if you haven't done any "NDR-spamming measures" you'd still be pretty insulated (postfix'll be able to take care of that too... Of course... Especially if you've been smart enough to have configured recipient_maps (local and/or relay)).

BTW, I'm using clam for antiviral scanning, and (since I'm "fronting M-Sexchange") at local delivery also have virusscan in its "groupshield for exchange" guise. I'd rather drop M-Sexchange in the dustbin, but... well, corporate politics..:-). Clam is very easy, as well as the MailScanner config...:-). But from a MailScanner perspective _any_ AV program will do (well, noting the virusscan strangeness about links:-).

-- Glenn

Author Comment

ID: 10843556
