Another call for improvements

Wed May 31 17:00:13 IST 2006

On Tue, 30 May 2006, Julian Field wrote:
> Any of you got any features which you really need?
> I don't guarantee to implement them, or even consider them :-)

I think it would be neat to be able to configure some kind of
notification when something gets quarantined, like an e-mail to
a particular system administrator address.  I don't need to know
about every quarantined message, but it would be nice to be able
to create a ruleset so that, say, messages coming from internal
users do trigger notifications when they're quarantined.

The reason for this is that whether the quarantine was a false
positive (harmless message and MailScanner config is too strict)
or a true positive (harmful message), I as the administrator still
want to know about it.  In the former case (false positive), I
may need to help a user transfer some files by some other means.
In the latter case (true positive), I want to know about it
because it may indicate a machine on the internal network has
a virus or some other security problem.  In either case, it's
some sort of issue, and I think it would help user acceptance
of MailScanner at my site if I could be quickly notified and be
proactive about things.

Next idea is a bit more "out there".  In MailScanner.conf, there
is the "Queue Scan Interval" setting.  Looking at the source
(specifically Sendmail.pm), it seems that if I have that set to 6
seconds (the default IIRC), it will be doing a readdir() (via the
DirHandle class) of every entry in that directory every 6 seconds.
In other words, it's polling.  On a dedicated MailScanner-only
server, that doesn't matter at all, but on a mixed-use server
(MailScanner, pop/imap server, file server, internal web server,
and whatever else), that's a little wasteful of resources.  So...
is there anything smarter that can be done?

One idea is to, on Linux, use the INotify Perl module to take
advantage of the inotify kernel facility; you could then block
and be woken up only when the dir has changed (or when any file
in the dir has changed, if you register to be informed about all
that, I think).  That would provide a faster reaction time to
new message delivery as well as lowering overhead in many cases.

Another idea is to have an adaptive poll interval that varies
within some set range based on recent activity.  So, for example,
if the mail server is pretty close to idle, the poll interval is
maybe 30 seconds, but if it's busier, the interval could shrink
down to 5 seconds or something.

Like I said, that idea is a bit out there, and it probably doesn't
have much practical benefit.  I think I just hate to see polling
because it's bad style.  (Though I do realize that if there is no
other alternative, then it's not bad programming style to chose
the possible over the impossible...)

   - Logan