Re: kill incoming mail connection as soon as virus recognized?

From: Joris (Ideeel) (jorisideeel.nl)
Date: Tue Sep 02 2003 - 11:03:23 CDT


>> Claudio Fleiner<<
> Hi,
>
> I'd like to change postfix so that it immediately terminates an incoming mail
> connection when it recognizes a virus. Currently it will receive the whole
> message, realize that it's a virus (depending on header and/or body regexp) and
> then respond with an error. Instead (in order to save bandwidth) I'd like to
> send back an error message and close the network connection as soon as the
> virus has been recognized (and not accept any more email commands on that
> connection; in fact, the IP address that sent the virus may even be blocked for
> two or three hours). I realize that this probably breaks the relevant RFC, but
> in the case of a virus I don't particularly care.
>

erm... the virus scanner won't be able to do anything with the mail until
it is fully received, will it? In case of amavis-type setups, which use a
separate SMTP session, it'll really be impossible.

In the case of header/body checks: you want postfix to DROP the connection
once a line match is found? In that case you'll definitely need some
communication to the firewall, as the sender MTA will think something just
broke and will try again....

I don't think you can push a 550 to the sender when it's halfway sending
its DATA and expect it to listen to it.

joris
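
The retry behaviour raised in this reply, modelled as an added example that is not part of the original post or of Postfix: a receiver that either answers 550 after end-of-DATA or drops the connection on the first pattern match, and a sender that bounces on 5xx but requeues after a lost connection. The function names, the sample message, the pattern and the five-attempt cap are all assumptions made for the illustration.

```python
# Constructed sample message; the pattern matches on the third of eight lines.
PATTERN = b"constructed-match"          # hypothetical body-check pattern
MESSAGE = [b"Subject: hi", b"", b"line with constructed-match marker"] + [b"x" * 70] * 5


def receive(lines, policy):
    """Receiver side of one DATA phase.

    policy is 'reject_at_end' (read everything, then reply) or
    'drop_on_match' (close the socket at the first matching line).
    Returns (outcome, bytes_read).
    """
    read, matched = 0, False
    for line in lines:
        read += len(line) + 2           # payload plus CRLF
        if PATTERN in line:
            matched = True
            if policy == "drop_on_match":
                # The sender is still writing DATA and sees only a broken connection.
                return "connection_lost", read
    read += 3                           # ".\r\n" end-of-data marker
    return ("550" if matched else "250"), read


def deliver(lines, policy, max_attempts=5):
    """Sender MTA: 250 and 5xx are final; a lost connection means requeue and retry.

    max_attempts stands in for the queue lifetime (assumed value).
    Returns (final_outcome, attempts, total_bytes_the_receiver_read).
    """
    total = 0
    for attempt in range(1, max_attempts + 1):
        outcome, n = receive(lines, policy)
        total += n
        if outcome in ("250", "550"):
            return outcome, attempt, total
    return "expired", max_attempts, total


if __name__ == "__main__":
    for policy in ("reject_at_end", "drop_on_match"):
        print(policy, deliver(MESSAGE, policy))
```

With the drop policy the sender never receives a permanent failure, so the receiver's cost is the bytes read before the match multiplied by every retry until the message expires from the sender's queue.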