Re: Firewall system

From: Chuck Yerkes
Subject: Re: Firewall system
Date: Fri, 18 Jul 2003 01:18:32 -0400
User-agent: Mutt/1.4i

Quoting Cassandra Lynette Brockett (address@hidden):
> ----- Original Message ----- 
> From: "Michael St. Laurent" <address@hidden>
> To: <address@hidden>
> Sent: Wednesday, July 16, 2003 1:57 PM
> Subject: Firewall system
> > I'm trying to get spamass-milter working on a new Red Hat 9 based firewall
> > system.  I'm using the FWTK (Firewall Toolkit) proxy servers so the "smap"
> > proxy receives the incoming email, queues it for the "smapd" program to
> > process which then submits it to sendmail.  The instructions for
> > spamass-milter say that sendmail must receive the email via SMTP but that's
> > not possible with this setup.  Is there some way I can make this work?
> >
> > -- 
> > Michael St. Laurent
> > Hartwell Corporation
> I think the documentation might be a little misleading there.
> Basically the main problem is how sendmail calls the milter - in most cases
> (ie, most users using smtp direct to the email server) sendmail calls the
> milter with certain flags and such that specify the fact it was an SMTP
> message (as opposed to UUCP or command line delivery, etc)...

No, sendmail does NOT invoke milter if it's called from the command
line.  OTOH, you have the opportunity to have SMAP pass the mail
to spamd itself.

One of the many problems with SMAP (besides being fine code for 1994),
is that it doesn't speak ESMTP, so you lose a lot of value that's been
added in the last 10 years.

You may get more "security", but you can't use SMTP/TLS to encrypt
your mail stream.  You can't pipeline messages, etc.

More, sendmail on a machine that does zero local deliveries (not
even .forward files) can run as "not root."

You don't get to stop large mails at the protocol greeting (if, say,
good client has a 1MB mail and your sendmail advertises that it only
takes, say, 500k MAX).

I think Marcus R might even be backing down on SMAPD's code at this
time.  10 years is a good run.

Back to sendmail, 8.12 does a dual delivery, so SMAP might work fine.
It passed to sendmail via a command line, while that sendmail passes
to a daemon listening on port 25 (localhost only, or even a unix socket).
They speak SMTP.  But again, why not just have SMAPD do that work?

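An added example, not part of the original message and not code from FWTK or sendmail: it parses the reply an SMTP front end gives to EHLO/HELO and reports which of the ESMTP features mentioned above (STARTTLS, PIPELINING, SIZE) a sending client can rely on. The two replies, host names and the 512000-byte limit are constructed sample values.

```python
import re

# Constructed server replies (not captured from any real host).
EHLO_REPLY = (
    "250-mx.example.test Hello client.example.test\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 512000\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
# A HELO-only front end answers with one line and no extension keywords.
HELO_REPLY = "250 fw.example.test\r\n"

_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_extensions(reply):
    """Return {KEYWORD: [params]} from a 250 reply to EHLO or HELO."""
    lines = [l for l in reply.split("\r\n") if l]
    exts = {}
    for i, line in enumerate(lines):
        m = _LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError("unexpected reply line: %r" % line)
        last = i == len(lines) - 1
        # "250-" marks a continuation line, "250 " marks the final line.
        if (m.group(2) == " ") != last:
            raise ValueError("bad continuation marker: %r" % line)
        if i == 0:
            continue  # first line is the greeting, not an extension
        parts = m.group(3).split()
        if parts:
            exts[parts[0].upper()] = parts[1:]
    return exts

def client_view(reply, message_bytes):
    """Summarise what a sending client learns before it transmits any mail."""
    exts = parse_extensions(reply)
    limit = int(exts["SIZE"][0]) if exts.get("SIZE") else None
    return {
        "can_starttls": "STARTTLS" in exts,
        "can_pipeline": "PIPELINING" in exts,
        "size_limit": limit,
        # SIZE 0 means "no fixed limit"; otherwise the client can give up
        # on an oversize message without sending the body.
        "refused_before_data": bool(limit) and message_bytes > limit,
    }

if __name__ == "__main__":
    print(client_view(EHLO_REPLY, 1_000_000))
    print(client_view(HELO_REPLY, 1_000_000))
```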