[Esd-l] Order of Email Sanitizer in procmailrc

John D. Hardin jhardin at impsec.org
Thu Jul 29 17:17:27 PDT 2004


On Thu, 29 Jul 2004, Mike McCandless wrote:

> In our /etc/procmailrc file (used with Postfix), we invoke the following
> in this order:
> - email sanitizer
> - spamassassin
> - clamav
> 
> Should it matter if we modify the order in which email sanitizer runs?

In the current order you may want to apply the spamassassin patch
that's on the sanitizer website.

The order of operations is a subject for discussion: which tool
generates the most system load? Which one discards the most messages?

I would say the AV scanner should be last. I think that's the
"heaviest" tool, but I have no numbers to back that up - can anyone
provide any?

I've tried to make the sanitizer as lightweight as possible.
Single-pass, avoid reading entire attachments into memory, etc.

Spamassassin runs a lot of REs across the entire message body and
headers, and can perform DNS lookups.

Personally, I would say the above order is the best. What is
your reason to alter it?

Anybody else care to comment? Anybody have solid performance numbers
on the various tools?

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org    FALaholic #11174    pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The [assault weapons] ban is the moral equivalent of banning red
  cars because they look too fast.
                                   -- Steve Chapman, Chicago Tribune
-----------------------------------------------------------------------
   46 days until the "Scary-Looking Guns" ban expires


More information about the esd-l mailing list