RE: kill incoming mail connection as soon as virus recognized?

From: Rob Hutton (rob.huttoncomcast.net)
Date: Tue Sep 02 2003 - 12:08:53 CDT


Right, I misread the original message to mean that he did not want to
accept, then bounce it, he wanted to 5xx it up front. My bad...

Thanks,
Rob

> -----Original Message-----
> From: owner-postfix-userspostfix.org
> [mailto:owner-postfix-userspostfix.org]On Behalf Of Stephen Satchell
> Sent: Tuesday, September 02, 2003 1:00 PM
> To: Rob Hutton; Claudio Fleiner; postfix-userspostfix.org
> Subject: RE: kill incoming mail connection as soon as virus recognized?
>
>
> At 12:03 PM 9/2/2003 -0400, Rob Hutton wrote:
> >This is achievable using the proxy feature in the current snapshot. Read
> >the Filter readme for a discussion.
>
> What he wants is to interrupt the mail stream while it's in progress, and
> reject the mail with a 5xx error code.
>
> Nope. SMTP is *too* simple in that you aren't supposed to send a result
> code until the final period, or an end-of-file indication from the sending
> party. A valid implementation will see the broken pipe as a communication
> failure, and reschedule the transmission for later, eating up even MORE
> bandwidth.
>
> Nope, you gotta listen to the whole thing, and let the bandwidth get eaten,
> before sending back your 5xx status code to kill the mail off.
>
> On the bright side, most virus payload is under 100 kB, and the point
> where you can reliably sense a virus (as opposed to benign) payload is
> pretty far down the message. If you are blocking all pif, scr, &c, though,
> you do waste quite a bit of bandwidth, but MIME encoding is still one huge
> message to the SMTP engine so you suck it up and then send the kiss-off.
>
> Satch
>
>
> --
> "Using these toolkits is like trying to make a bookshelf out of mashed
> potatoes." -- Jamie Zawinski, on X-Windows toolkits
>
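
The trade-off argued in the quoted message, as an added example that is not part of the thread and is not Postfix code: a small Python model of the DATA phase comparing a receiver that reads to the final dot and answers 5xx with one that closes the connection on detection. The names MARKER, sample_message, receive_data and deliver, the reply texts, the marker position and the retry budget of 5 are all assumptions made for the illustration.

```python
# Added example: a model of the SMTP DATA phase, not code from the thread.
MARKER = "CONSTRUCTED-TEST-SIGNATURE"  # stand-in for a scanner hit (assumption)

def sample_message(payload_lines=1000, marker_at=900):
    """Constructed message: headers, then base64-like lines, marker far down."""
    lines = ["From: a@example.org", "To: b@example.net", "Subject: test", ""]
    for i in range(payload_lines):
        lines.append(MARKER if i == marker_at else "QUJD" * 19)  # 76 chars
    return lines + ["."]  # a lone dot terminates DATA

def receive_data(lines, drop_on_detect):
    """Receiver side. Returns (reply or None, octets received).

    A reply only exists once the terminating '.' has been read; closing
    the socket earlier gives the sender no status code at all.
    """
    octets, hit = 0, False
    for line in lines:
        octets += len(line) + 2  # count the CRLF
        if line == ".":
            reply = "554 5.7.1 rejected: virus" if hit else "250 2.0.0 Ok"
            return reply, octets
        if MARKER in line:
            hit = True
            if drop_on_detect:
                return None, octets  # connection closed mid-stream
    return None, octets  # sender hung up before the final dot

def deliver(lines, drop_on_detect, max_attempts=5):
    """Sender side. No reply is a communication failure, so it retries later;
    a 2xx or 5xx reply is final. max_attempts is an assumed retry budget."""
    total = 0
    for attempt in range(1, max_attempts + 1):
        reply, octets = receive_data(lines, drop_on_detect)
        total += octets
        if reply is not None:
            return reply, attempt, total
    return None, max_attempts, total

if __name__ == "__main__":
    msg = sample_message()
    for policy in (False, True):
        print("drop" if policy else "read-to-end", deliver(msg, policy))
```

With the marker placed late in the message, as the quoted message describes for real payloads, the dropping receiver takes in several times the octets of the one that reads to the end and sends the 5xx once.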