Block SOBER at MTA (postfix)

Glenn Steen glenn.steen at GMAIL.COM
Mon Dec 5 22:00:41 GMT 2005

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 05/12/05, Drew Marshall <drew at> wrote:
> On Mon, December 5, 2005 17:52, Drew Marshall wrote:
> > On Mon, December 5, 2005 17:15, Dhawal Doshy wrote:
> >> As Drew mentioned, this is NOT supposed to replace a real AV but at the
> >> same time i'd like having a feature where viruses are rejected without
> >> much processing power. Plugging in an AV at the MTA is not such a great
> >> idea (no bandwidth savings and no decrease in resource usage).
> >
> > Oh, I don't know. If you plug in the clamAV scanner in the right place...
> >
> Replying to one's self, it's something to do with Postfix users. How sad...

Noted... Has been known to do this myself... Probably because our
thoughtprocesses are recursive in some way....:-)
> > If you use before queue scanning as described here
> > and set up the SMTP clam
> > scanner as per here you
> > will save bandwidth as you can get Postfix to reject the mail at SMTP
> > stage
> Save some processing power not bandwidth is what I meant as you don't use
> SA this early (Not indeed do you accept the message).

Some little, yes. And you could actually reject the message, which is
a bit different, in the "responsibility according to RFC" department.
Still wouldn't save any bandwidth to speak of, since PF would need
wait for the dot.

> Thinking about this further, I wouldn't recommend it as you box would
> start to die under a sustained mail bombardment as the mail wouldn't queue
> for scanning (One of the advantages of MailScanner) and you would be
> reliant on Clam returning before the SMTP session timed out.

I don't know.... wouldn't this be pretty much the same as for sendmail
and the clamav milter?
If so, sure, you could run this.... provided you monitor the box ...
> >
> > but it won't save processing in the same way as a decent MIME/ header/
> > body check will do.
> As that doesn't use Clam at all! A word of caution, which I should have
> included before, all forms of message check come at a performance price so
> the more you add or the more complex you make them the larger the hit
> (Hence the word decent!).
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list