[SA-exim] SA-Exim vs. ExiScan - at an initial glance
Tor Slettnes
tor at slett.net
Wed Nov 26 14:30:38 PST 2003
Having happily used SA-Exim[1] for a few months now, I just discovered
the 'ExiScan-ACL'[2] feature in Exim (distributed as a patch, and also
included in the 'exim4-daemon-heavy' Debian package - note that the
'exim4' metapackage by default selects 'exim4-daemon-light').
Having seen the best of both worlds, I now want it all! :-}
Specifically, from a superficial glance, these are the strengths of
ExiScan (as compared to SA-Exim):
o Supports 3 types of filtering:
- MIME/Attachment filtering (by filename extensions, mime errors..)
- Malware scanning (via programs such as MKS AntiVirus,
Sophie/Sophos, custom scripts...)
- Spam filtering (via SpamAssassin)
o Configured in the ACL section of the exim configuration file(s),
rather than in its own config file (and so takes advantage of *all*
the configuration syntax offered by Exim). For instance, the ACL
might be configured to 'accept' a message from local hosts before
the ExiScan statements are even reached (whereas SA-Exim is launched
on every message, and its configuration needs a separate conditional
statement if one does not wish to scan messages from certain hosts, say).
o Allows more flexibility in routing, accepting, rejecting messages
based on SA's score (through the 'spam' driver which evaluates to
true on spam, through internal Exim variables like $spam_score,
$spam_report...).
o Does not modify the original message unless told to (SA is processing
a copy of the message). This may be a disadvantage too; see below.
o Talks to 'spamd' directly, rather than launching 'spamc' do do so
(should reduce process creation overhead a little..)
Conversely, SA-Exim provides these functions not available in ExiScan:
o Teergrubing! [3] This alone is probably its biggest advantage,
and perhaps enough to choose this over ExiScan...
o Ability to save a copy of the message (whether rejected, temporarily
rejected, teergrubed, etc..) into a Maildir tree. (Sure, ExiScan
provides 'fakereject', but that's a bit harder to get working...)
o Preservation of SA's headers, such as 'X-Spam-Status'; useful to
keep in EXIM's "rejectlog". (ExiScan provides $spam_report, which
can be added in a header, but there seems to be no way to get the
"short" spam analysis (SA's _TESTS_ macro) logged using ExiScan).
In any case - both of these are really, really powerful Exim add-ons;
nobody should live without them. :^}
-tor
[1] See http://marc.merlins.org/linux/exim/sa.html
[2] See http://duncanthrax.net/exiscan-acl/
[3] See http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html
More information about the SA-Exim
mailing list