|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
kill incoming mail connection as soon as virus recognized?
From: Claudio Fleiner (postfix
fleiner.com)
Date: Tue Sep 02 2003 - 10:50:41 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
I'd like to change postfix so that it immediately terminates an incoming mail
connection when it recognizes a virus. Currently it will receive the whole
message, realize that its a virus (depending on header and/or body regexp) and
then respond with an error. Instead (in order to save bandwidth) I'd like to
send back an error message and close the network connection as soon as the
virus has been recognized (and not accept any more email commands on that
connection; In fact, the IP address that sent the virus may even be blocked for
two or three hours). I realize that this probably breaks the relevant RFC, but
in the case of a virus I don't particularly care.
If I understand the architecture correctly, "smtpd" receives the email and then
uses the "cleanup" program which will decide whether the email should be
accepted or not. I believe that both programs need to be changed in order to
get this behaviour (I did play around with smtpd but it seems that cleanup
also needs to be changed).
Thanks, Claudio
----------------------------------------------------------------------------
Claudio Fleiner claudiofleiner.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]