http proxy:suggestion

Rick Cooper rcooper at dwford.com
Fri Feb 22 18:52:25 GMT 2008 

 

 > -----Original Message-----
 > From: mailscanner-bounces at lists.mailscanner.info 
 > [mailto:mailscanner-bounces at lists.mailscanner.info] On 
 > Behalf Of Julian Field
 > Sent: Friday, February 22, 2008 11:39 AM
 > To: MailScanner discussion
 > Subject: Re: http proxy:suggestion
 > 
 > -----BEGIN PGP SIGNED MESSAGE-----
 > Hash: SHA1
 > 
 > 
 > 
 > shuttlebox wrote:
 > > On Fri, Feb 22, 2008 at 3:49 PM, David Lee 
 > <t.d.lee at durham.ac.uk> wrote:
 > >   
 > >>  Julian: A suggestion to assist large sites which sit behind tight
 > >>  firewalls...
 > >>
 > >>  The "cron.daily" scripts "update_phishing_sites" and 
 > "update_spamassassin"
 > >>  need to reach out to remote websites.  But at some large 
 > sites, the
 > >>  general practice is for web browsers to divert via a 
 > cache service. In
 > >>  this context the MS "update*" scripts are web clients 
 > (pseudo-browsers)
 > >>  and so the site-friendly way for the sites to work would 
 > be to honour any
 > >>  "http_proxy" environment variable.
 > >>
 > >>  That is almost, but not quite, already in place.  (Run 
 > manually, with
 > >>  explicit "http_proxy", it works.)
 > >>
 > >>  What still seems absent is recognising "http_proxy" when 
 > run under "cron".
 > >>
 > >>  Those scripts already do:
 > >>    if [ -f /etc/sysconfig/MailScanner ] ; then
 > >>         . /etc/sysconfig/MailScanner
 > >>    fi
 > >>
 > >>  But that file seems oriented to variables specific to 
 > "MailScanner.conf".
 > >>
 > >>  Could there also be a "/etc/sysconfig/MailScannerEnv" 
 > (or similar) whose
 > >>  purpose would be for environment variables for scripts?
 > >>     
 > >
 > > I'm all for supporting environment variables like http_proxy but if
 > > the scripts should be overhauled it would be better if 
 > they were made
 > > in a more Unix generic way. Sysconfig isn't even a Linux 
 > standard but
 > > a Red Hat one. :-)
 > >   
 > I believe SuSE use /etc/sysconfig too. I don't use a proxy 
 > at all, so 
 > have no easy way to test any of this. If you want to modify 
 > the scripts 
 > and send me the modified ones, I'll take a look at your 
 > changes certainly.
 > 
 > 
 > Jules
 > 

All of our mail servers are behind firewalls/proxies (authenticating,
forced, squid) and I personally just add an accept statement for the
relevant servers to pass around the outbound redirect to proxy for relevent
web traffice. That said, why not use the (.)?wgetrc and (.)?curlrc files to
enter the default proxy/user/password information on systems that need this
information? I have done this in the past for a specific server for a
specific reason.

Or are those items OS specific?

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list