NFR Wizards Archive: Re: SMTP A/V Design

Re: SMTP A/V Design


Randy Grimshaw (rgrimshamailbox.syr.edu)
Thu, 18 Feb 1999 10:10:50 -0500 (EST)


Matt:
  Postfix is a newly released mailer / MTA which has much of your
architecture for scanning messages available as a side effect of its
modular design, and programs such as yours have been discussed in depth
on its lists. Start at www.postfix.org for more information.

<><Randall Grimshaw, Network Programmer, Syracuse University, 315-443-5779

On Tue, 16 Feb 1999, Matt McClung wrote:

> I am looking at designing a new email anti-virus scanning architecture for
> incoming mail. However, I don't see a clean way to scan email, review it
> for destination (bouncing etc) and then final delivery. Allow me to be more
> clear.
>
> 1. Internet email for x company is first identified at the firewall.
> 2. The firewall knows to pass SMTP traffic to an A/V scanning server, which it does
> 3. The A/V server finds nothing and sends back the message information to the firewall
> 4. The firewall then allows the email to the mail relay server on its service network (MX)
> 5. The mail relay server (running sendmail) scans the envelope and other information to determine if the email is for a domain it is accepting mail for...
> 6. The mail relay host delivers mail to an internal SMTP server for final delivery to the email system.
>
> Questions: This almost seems like it's too complicated with the separate A/V
> Server and mail relay host. The delivery time is not the main concern, but
> rather the complexity and the steps the message takes to finally get
> delivered.
>
> Anyone created such a beast? Because of the software (A/V) you have only a
> small choice of platforms, as well as the relay host. Therefore, you almost
> have to have something like this.
>
> Of course, this assumes that your company policy is to scan the email before
> it is allowed into the internal network (good idea). Otherwise you could do
> desktop scanning, or mail server scanning.
>
> INFO:
> The FW is FW-1 using CVP. The A/V server is NT running an A/V application
> to check SMTP and the mail relay host is a Sun Ultra running sendmail 8.9.x
>
> Your thoughts on this are requested...
>
> Matt McClung
> Net.Works Security Engineer
> mmcclungndwcorp.com
>
>
>



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:18:09 CDT