On Friday, October 27, 2006, 2:05:44 PM, DAve DAve wrote: > Dan Horne wrote:
>> Wietse Venema says that MailScanner uses unsupported methods to >> manipulate the queue that could (and has) lead to lost email. I don't >> know the full details, but it has been discussed much on the postfix >> list. My impression is that the condition is rare, but it does happen. >> >> Just a heads up. >> > I don't use Postfix any longer so I can't comment on how well > MailScanner works with Postfix. I can say it works wonderfully with > Sendmail. Nothing wrong with Postfix, but new jobs use new tools and I > learn the new tools. That said, this is the semi 'official' MailScanner > stance on Postfix AIUT. > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:politics&s=postfix > Note that apparently a LOT of MailScanner admins are running Postfix > with no problems. Julian is responsive to an extreme in dealing with his > users. If there was a problem, he would be all over it. > DAve Thanks DAve and all. For the record, the conclusion of that page says: __ The Solution Recently however some changes have been made to allow for a different approach. This new approach does not require MailScanner to access the active queue. Nor does it require Postfix to be split into two instances. It is still however acessing the Postfix queue but not the active queue, that is the key. Now Instead Postfix puts all incoming email into a hold queue for scanning. By putting a simple line into the Postfix /etc/Postfix/header_checks file all email is put into the hold queue which is a safe quiet place that Postfix is no longer actively accessing or changing. Its basically frozen in the process as far as Postfix is concerned. As stated in the man pages for the qmgr: hold = Messages that are kept on hold are kept here until someone sets them free (also see man header_checks). Now MailScanner can safely access these emails in the Postfix hold queue for scanning and then pass it back into Postfix active queue for delivery. To me and a lot of other people this makes perfect sense. This is much simpler approach and takes far less resources and time than to have MailScanner running its own SMTP engine just so it can talk to Postfix. But the Postfix community and possibly even the developers are still insisting that MailScanner is not a viable AV scanner for Postfix systems. Respectively, if this is still the case then the Postfix developers need to say something so other solutions can be worked out. The idea behind putting the incoming emails into the hold queue for scanning has eliminated all of the risks that were associated with using MailScanner and Postfix together in the past. The Postfix website is still insisting that MailScanner is a risk . With the new single instance Postfix setup configuration, I have not seen any proof that would lead me to believe that any problems may arise. After many months of using MailScanner with Postfix in the single instance setup design I have not experienced any problems. __ Seems like a reasonable solution from that description alone, but I know little about postfix internals and even less about MailScanner internals. OTOH the proposed solution would seem to be successful based on reported experience. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
