Another call for improvements

Julian Field MailScanner at ecs.soton.ac.uk
Wed May 31 18:48:24 IST 2006



Logan Shaw wrote:
> On Tue, 30 May 2006, Julian Field wrote:
>> Any of you got any features which you really need?
>> I don't guarantee to implement them, or even consider them :-)
>
> I think it would be neat to be able to configure some kind of
> notification when something gets quarantined, like an e-mail to
> a particular system administrator address.  I don't need to know
> about every quarantined message, but it would be nice to be able
> to create a ruleset so that, say, messages coming from internal
> users do trigger notifications when they're quarantined.
Send Notices = yes
Notices To = postmaster

>
> The reason for this is that whether the quarantine was a false
> positive (harmless message and MailScanner config is too strict)
> or a true positive (harmful message), I as the administrator still
> want to know about it.  In the former case (false positive), I
> may need to help a user transfer some files by some other means.
> In the latter case (true positive), I want to know about it
> because it may indicate a machine on the internal network has
> a virus or some other security problem.  In either case, it's
> some sort of issue, and I think it would help user acceptance
> of MailScanner at my site if I could be quickly notified and be
> proactive about things.
>
> Next idea is a bit more "out there".  In MailScanner.conf, there
> is the "Queue Scan Interval" setting.  Looking at the source
> (specifically Sendmail.pm), it seems that if I have that set to 6
> seconds (the default IIRC), it will be doing a readdir() (via the
> DirHandle class) of every entry in that directory every 6 seconds.
> In other words, it's polling.  On a dedicated MailScanner-only
> server, that doesn't matter at all, but on a mixed-use server
> (MailScanner, pop/imap server, file server, internal web server,
> and whatever else), that's a little wasteful of resources.  So...
> is there anything smarter that can be done?
>
> One idea is to, on Linux, use the INotify Perl module to take
> advantage of the inotify kernel facility; you could then block
> and be woken up only when the dir has changed (or when any file
> in the dir has changed, if you register to be informed about all
> that, I think).  That would provide a faster reaction time to
> new message delivery as well as lowering overhead in many cases.
>
> Another idea is to have an adaptive poll interval that varies
> within some set range based on recent activity.  So, for example,
> if the mail server is pretty close to idle, the poll interval is
> maybe 30 seconds, but if it's busier, the interval could shrink
> down to 5 seconds or something.
>
> Like I said, that idea is a bit out there, and it probably doesn't
> have much practical benefit.  I think I just hate to see polling
> because it's bad style.  (Though I do realize that if there is no
> other alternative, then it's not bad programming style to chose
> the possible over the impossible...)
>
>   - Logan

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



More information about the MailScanner mailing list