Another call for improvements

[Julian Field]

Logan Shaw wrote:
> On Tue, 30 May 2006, Julian Field wrote:
>> Any of you got any features which you really need?
>> I don't guarantee to implement them, or even consider them :-)
>
> I think it would be neat to be able to configure some kind of
> notification when something gets quarantined, like an e-mail to
> a particular system administrator address.  I don't need to know
> about every quarantined message, but it would be nice to be able
> to create a ruleset so that, say, messages coming from internal
> users do trigger notifications when they're quarantined.
Send Notices = yes
Notices To = postmaster

>
> The reason for this is that whether the quarantine was a false
> positive (harmless message and MailScanner config is too strict)
> or a true positive (harmful message), I as the administrator still
> want to know about it.  In the former case (false positive), I
> may need to help a user transfer some files by some other means.
> In the latter case (true positive), I want to know about it
> because it may indicate a machine on the internal network has
> a virus or some other security problem.  In either case, it's
> some sort of issue, and I think it would help user acceptance
> of MailScanner at my site if I could be quickly notified and be
> proactive about things.
>
> Next idea is a bit more "out there".  In MailScanner.conf, there
> is the "Queue Scan Interval" setting.  Looking at the source
> (specifically Sendmail.pm), it seems that if I have that set to 6
> seconds (the default IIRC), it will be doing a readdir() (via the
> DirHandle class) of every entry in that directory every 6 seconds.
> In other words, it's polling.  On a dedicated MailScanner-only
> server, that doesn't matter at all, but on a mixed-use server
> (MailScanner, pop/imap server, file server, internal web server,
> and whatever else), that's a little wasteful of resources.  So...
> is there anything smarter that can be done?
>
> One idea is to, on Linux, use the INotify Perl module to take
> advantage of the inotify kernel facility; you could then block
> and be woken up only when the dir has changed (or when any file
> in the dir has changed, if you register to be informed about all
> that, I think).  That would provide a faster reaction time to
> new message delivery as well as lowering overhead in many cases.
>
> Another idea is to have an adaptive poll interval that varies
> within some set range based on recent activity.  So, for example,
> if the mail server is pretty close to idle, the poll interval is
> maybe 30 seconds, but if it's busier, the interval could shrink
> down to 5 seconds or something.
>
> Like I said, that idea is a bit out there, and it probably doesn't
> have much practical benefit.  I think I just hate to see polling
> because it's bad style.  (Though I do realize that if there is no
> other alternative, then it's not bad programming style to chose
> the possible over the impossible...)
>
>   - Logan

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.