Messaging Server: Correctly Deploying the MTA for Anti-Spam/Virus Scanning
By joesciallo on Nov 08, 2007
According to many in the know, scanning for spam and viruses has now become the most expensive operation that the email infrastructure has to perform. So setting up this infrastucture, correctly, from the beginning of a messaging deployment, has become more and more critical.
The Sun Java System Messaging Server 6.3 Deployment Planning Guide has some basic information to assist with this deployment endeavor. For a quick look, check out the following figures:
- Incorrect Approach: The spam/virus filter is deployed "in front of" the MTA.
- Correct Approach: Mail flows from the Internet to the MTA first, and the MTA hands off to the spam/virus filter.
Here's some more information from our experts on this topic:
Sun has implemented the Messaging Server MTA to be able to "call out" to third-party spam/virus filter packages, like BrightMail and ClamAV, from within the MTA. Specifically, this happens within the SMTP server. The reason for this work is to enable putting a spam/virus filter package on an SMTP host--especially a separate SMTP host--deployed "in front" of the Messaging Server MTA.
From a Messaging Server perspective, it is very important to have the MTA do its address validity checks as soon as possible, before a site ever "accepts" (at an SMTP level) a message. That's why you should deploy the Messaging Server MTA "on the edge," so to speak,and then call out to the spam/virus filter package during the initial SMTP session.