I've been running with a new configuration for the past week and I wanted to garner any comments you may have.
For the past week, I have been running Exim w/ Exiscan. I used to deny at the SMTP level failures on dnslist blacklists and other fatal issues. Now I permit all connections to proceed (except for "unknown users" after RCPT) through 'DATA'. I now have exiscan w/SA and ClamAV checking virtually every attempted email even though I may know I am going to deny it for reasons during the RCPT or HELO exchange. "Discard" level spam scoring emails (or failures at the other steps) cause a reject after the end of DATA. I also run MailScanner w/SA after a message is received successfully by the MTA. MailScanner runs it's checks. including a secondary Virus scanner, and handles reporting "low" scoring spam to the end users. So the question is this: Does it make sense to permit SA to examine as much mail as possible even when I already know I can reject most of it prior (dnslists, sender verify, etc)? Is there enough benefit to the AWL and Bayes to offset the additional processing? Does the cost of running SA twice on 5-10% of incoming email in this configuration make sense for the benefits (if any?)?
