MailScanner and the postfix hold queue
Julian Field
MailScanner at ecs.soton.ac.uk
Mon Sep 24 20:25:30 IST 2007
Scott Silva wrote:
> Rodney Green spake the following on 9/24/2007 11:43 AM:
>> Hello,
>>
>> Has anyone using postfix and MailScanner investigated using the
>> smtpd_data_restrictions postfix config parameter to hold incoming
>> e-mail? This would be used instead of placing the HOLD statement in
>> the header_checks config file.
>>
>>
>> smtpd_data_restrictions =
>> permit_mynetworks
>> check_client_access static:HOLD
>>
>> The above would allow local mail from internal clients to bypass
>> MailScanner, I think. Anything
>> else would be put in the HOLD queue for MailScanner to scan.
>>
>> Any thoughts on this?
>>
>> Thanks,
>> Rod
>>
> Internal clients can get infected also, and you probably are not wise
> to exempt them from scanning. You would be amazed at how hard someone
> will try to get something they think they want or they think is OK
> even if I.T. says no.
And if you ever let a virus out of your site, you better be prepared for
some lawyer-happy recipient to try to sue you for negligence in not
virus-scanning your outgoing mail when you have systems in place that
could be set up to do it :-(
You also don't want to get blacklisted if one of your internal machines
is ever infected by a botnet. Traditionally, the boss's laptop is the
most likely offender in this case :-)
There are a thousand other reasons why exempting *any* mail from
complete virus, malware and spam content checking is A Bad Thing(tm).
Jules
--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk
More information about the MailScanner
mailing list