MailScanner has some additional features like rejecting mail with particular types of attachments and other niceties, but dirty attachments should probably trip clamav in the setup you have.
Originally Posted by Robin_Wilson
I don't use reject rules for RBLs because of the possibility of false positives. I prefer to let SpamAssassin handle all those things. You can see how SA scores various blacklists by looking in /usr/share/spamassassin/50_scores.cf. Usually a message that hits a blacklist will have plenty of other spammy features so it gets tagged anyway, but rejecting messages at the doorstop is tricky unless you have some experience with spam. Here's a sample that tripped on Spamcop:
URI_RU is a custom rule I wrote that matches embedded URLs that point to Russian domains. The rest of the scores come from SpamAssassin. Even without the extra ten SpamAssassin points for URI_RU, the message would score over 31 SA points. I start tagging at four and quarantine anything that scores over eight.
BAYES_99 3.50, BAYES_999 5.00, CK_HELO_DYNAMIC_SPLIT_IP 1.50, HELO_DYNAMIC_IPADDR2 3.61,
HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.72, RCVD_IN_BL_SPAMCOP_NET 1.35,
RCVD_IN_BRBL_LASTEXT 1.45, RCVD_IN_PSBL 2.70, RCVD_IN_RP_RNBL 1.31,
RCVD_IN_XBL 0.38, RDNS_DYNAMIC 0.98, URIBL_BLACK 1.70, URIBL_DBL_SPAM 2.50,
URIBL_JP_SURBL 1.25, URIBL_SBL 1.62, URIBL_SC_SURBL 0.57, URIBL_WS_SURBL 1.61,
Yes, transport_maps are the mechanism to handle relaying just as mailertable does in sendmail. I would think you'd need a map to tell Postfix which mail to forward to Exchange. If all the other mail is delivered locally, then I'm not sure why you'd need any others.
I have now set up email relaying to the Exchange server for one domain using transport_maps in postfix which seems a bit hit and miss so I'm not really sure yet where it is getting dropped or why.
If all the spam scanning is done on the Linux box, I don't see how Exchange would know whether something is spam or not. I don't know Exchange, but if it does have some methods for checking inbound mail, I would think you should be able to tell it simply to trust the Linux box.
Also I'm thinking if Exchange checks the sending server it is going to detect that it is different and cause it to rank higher as spam?
I'd start with looking at /var/log/mail.log.
Also the spam and clamav headers are removed from the email when it comes into Exchange so either the Exchange server has removed them or the relayed email is not passing through the filters. Do you know of a way to check this?
I use sendmail because I've used it for fifteen or more years and know how to make it do what I need. Most systems these days ship with Postfix, so I'd say that's a better long-term investment of your time. I'm running Postfix on a backup MX server, but it doesn't have much to do other than accept plausibly legitimate messages and forward them on to the MailScanner box. Most mail to backup MX servers is spam, so I have a few simple entries in helo_access and sender_access to block obvious forgeries and most two-letter country-code domains for reasons I explained above. Both files look pretty similar; here is sender_access:
These use regular expressions and reject messages whose From matches email@example.com or someone@somewhere.??.
# no mail from outsiders claiming to be us
# no two-letter country-code domains except us/ca
/\.[a-z][a-z]$/ REJECT US senders only