Richard Patterson wrote:
> Kurt Albershardt wrote:
>
>> John Peacock wrote:
>>
>>>
>>> My preferred configuration is this:
>>>
>>> MX1 MX2
>>> \ /
>>> \ /
>>> DSPAM
>>> |
>>> V
>>> IMAP/POP3
>>>
>>> Where the two MX boxes have hard forwards for all domains to the DSPAM
>>> box, and the DSPAM box has hard forwards to the actual mail server.
>>> There is nothing to prevent the DSPAM service to be shared with one of
>>> the MX boxes
>>
>>
>> Any reason not to run DSPAM on both MX boxes?
>
> Both servers would learn tokens from emails passing through, but how
> would you know which server to forward spam to?
>
> Both servers would have to share a database somehow for this to
> work... IMHO this is a security risk, and also a single point of
> failure...
Not sure what John does but I don't use dspam quarantine
so different dspam servers sharing one mysql server or
mysql cluster would be fine. I use imap Spam folders
instead of quarantine, and a Mistakes folder instead of
web gui to quarantine.
The mysql security issues are the usual ones, nothing
unique here, and it might be as easy as only using a mysql
udp socket or localhost port on dedicated servers. Also no
new security issue compared to running an imap postoffice
on the same pc, with all messages in plain text. What's so
great about reading dspam tokens in a db which only has
a udp socket or localhost port, compared to reading
plaintext mail? I don't see a new security issue.
-Bob
Received on Mon Dec 12 22:52:05 2005
This archive was generated by hypermail 2.1.8 : Tue Dec 13 2005 - 00:00:01 EST