On Tue, 2005-03-15 at 10:05, Henk van Lingen wrote:
> On Tue, Mar 15, 2005 at 09:36:58AM -0600, Les Mikesell wrote:
> > >
> > > I didn't follow this thread but I do think postfix supports filtering
> > > at the time you want. You can do body/headers checks at smtp time and
> > > you can hook in stuff like virusscanners both after and before queueing.
> >
> > To be useful, it needs to be done before the SMTP accept is done -
> > that is, concurrent with the conversation, and preferable running
> > under a different uid than anything else.
>
> Yes, and I state you can do that with postfix: (what is 'useful'?)
Useful is being able to run MimeDefang. It splits out attachments and
runs your choice of spam and virus tests with a small piece of perl
code controlling the actions. It is a long-running program that
sendmail uses through the milter interface and it in turn can use
daemon-mode scanners like clamd through a socket interface without
starting new processes.
> http://www.postfix.org/documentation.html
> Whether it is wise is another thing. I do virusscanning after smtp-accept,
> to prevent load surprises.
I don't see anything in there about being able to chat over a socket
with concurrently running scanning programs. If you have to start and
initialize your scanners for every message with a pipe-to-program
interface it is not surprising that you have load problems.
> As long as you don't join those idiots that
> bounce virus errors...
I silently drop known viruses since virtually all of them for the last
few years have forged the sending address, but I reject spam that
scores very high values with a 5xx and a moderately polite message
to allow the sender to reword and resend if the scanner happens to
be wrong.
--
Les Mikesell
les@xxxxxxxxxxxxxxxx
