Block SOBER at MTA (postfix)
Glenn Steen
glenn.steen at GMAIL.COM
Mon Dec 5 22:00:41 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
On 05/12/05, Drew Marshall <drew at themarshalls.co.uk> wrote:
> On Mon, December 5, 2005 17:52, Drew Marshall wrote:
> > On Mon, December 5, 2005 17:15, Dhawal Doshy wrote:
> >> As Drew mentioned, this is NOT supposed to replace a real AV but at the
> >> same time i'd like having a feature where viruses are rejected without
> >> much processing power. Plugging in an AV at the MTA is not such a great
> >> idea (no bandwidth savings and no decrease in resource usage).
> >
> > Oh, I don't know. If you plug in the clamAV scanner in the right place...
> >
> Replying to one's self, it's something to do with Postfix users. How sad...
Noted... Has been known to do this myself... Probably because our
thoughtprocesses are recursive in some way....:-)
>
> > If you use before queue scanning as described here
> > http://www.postfix.org/SMTPD_PROXY_README.html and set up the SMTP clam
> > scanner as per here http://memberwebs.com/nielsen/software/clamsmtp/ you
> > will save bandwidth as you can get Postfix to reject the mail at SMTP
> > stage
>
> Save some processing power not bandwidth is what I meant as you don't use
> SA this early (Not indeed do you accept the message).
Some little, yes. And you could actually reject the message, which is
a bit different, in the "responsibility according to RFC" department.
Still wouldn't save any bandwidth to speak of, since PF would need
wait for the dot.
> Thinking about this further, I wouldn't recommend it as you box would
> start to die under a sustained mail bombardment as the mail wouldn't queue
> for scanning (One of the advantages of MailScanner) and you would be
> reliant on Clam returning before the SMTP session timed out.
I don't know.... wouldn't this be pretty much the same as for sendmail
and the clamav milter?
If so, sure, you could run this.... provided you monitor the box ...
scrupulously!
> >
> > but it won't save processing in the same way as a decent MIME/ header/
> > body check will do.
>
> As that doesn't use Clam at all! A word of caution, which I should have
> included before, all forms of message check come at a performance price so
> the more you add or the more complex you make them the larger the hit
> (Hence the word decent!).
>
True.
(snip)
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list