Re: smtpd_proxy_filter by size

From: Noel Jones (njonesmegan.vbhcs.org)
Date: Tue Dec 04 2007 - 12:17:42 CST


C. Vorwerk wrote:
> Noel Jones wrote:
>
>> I don't think there is a good solution to your goal of scanning mail
>> up to some size pre-queue and scan the rest post-queue.
>>
> I don't know so much about good. There are probably many opinions about
> how to implement in a good way. I'd like to hear some.
>
> I talked to the clamsmtp mailing list. They said that I might implement
> this feature without many changes, just checking the size of the mail
> after it receives it.
> I will try that the next weeks.

Does clamsmtp save the incoming mail to a temp file and then
scan it before passing it to the next hop? (surely it doesn't
try to cache it in memory...)

If so, you could have clamsmtp either pass the mail or just
add some X-header that you use as a trigger for post-queue
scanning.

AFAIK, this is the only way this could work cleanly. And yet
you would still risk timeout issues on large mails or messages
that take a long time to scan for some reason.

>
>> Running two clamd daemons and routing mail to the second one as a
>> post-queue content_filter is the only way I can think of. While
>> resource usage probably wouldn't be terrible, it is rather complex and
>> awkward. This also requires some bit of glue so postfix can select a
>> FILTER based on the size of the message. The SA plugin is one way,
>> another way is a policy service that either uses PREPEND to add a
>> X-Size: header or just returns a FILTER command itself.
>>
>> more info here might help:
>> http://www.postfix.org/SMTPD_POLICY_README.html
>> http://www.postfix.org/addon.html#policy
>>
>
> You are probably right about the resources in a large scale. As a
> hosting service provider I would not worry about it either even with
> online scanning 10 Mb mails. But when you are small and need to calculate
> sharply about the costs, every Mb of your RAM is worth a fortune even
> it is cheap on the market.
> By the way, I don't like the idea to run services twice without any
> need. It complicates the configuration.
>
> I will try to patch the clamsmtp with a max size and maybe a min size
> option. Alternatively it writes a special trustworthy header with a salt
> which can be identified by postfix for further mappings.

If you add a header that the file wasn't scanned and needs
further processing, the trust factor is far less of an issue.

>
> Maybe you might explain to me why I get the feeling that you don't like
> the idea of my configuration. I am open to other / better ideas.
>

The idea is fine. I just don't see any reasonable way to
accomplish it with available tools.

If I've left anything significant out, be assured that someone
else will jump in here...

Good luck.

--
Noel Jones
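
The policy-service option mentioned in the message above (returning a FILTER action chosen by message size) can be sketched as follows; this is an added example, not code from the thread or from Postfix or clamsmtp. The size limit, the transport name and the choice to send mail of unknown size to the post-queue scanner are assumptions; the `size` request attribute and the `FILTER` and `DUNNO` actions are the documented policy-delegation ones.

```python
#!/usr/bin/env python3
"""Size-based Postfix policy service sketch (added example)."""
import sys

# Assumptions for illustration, not values taken from the thread.
SIZE_LIMIT = 10 * 1024 * 1024                  # bytes handled by the pre-queue scan
POST_QUEUE_FILTER = "scan:[127.0.0.1]:10025"   # hypothetical content_filter transport


def parse_request(lines):
    """Turn the 'name=value' lines of one policy request into a dict."""
    attrs = {}
    for line in lines:
        name, sep, value = line.rstrip("\n").partition("=")
        if sep:
            attrs[name] = value
    return attrs


def decide(attrs, limit=SIZE_LIMIT, transport=POST_QUEUE_FILTER):
    """Return the access(5) action for one request, based on its size."""
    try:
        size = int(attrs.get("size", ""))
    except ValueError:
        size = 0
    # A size of 0 means Postfix does not know the size yet (no SIZE
    # announced, data not received). Fail toward scanning in that case.
    if size <= 0 or size > limit:
        return "FILTER " + transport
    return "DUNNO"


def serve(inp=sys.stdin, out=sys.stdout):
    """Answer requests until Postfix closes the connection."""
    request = []
    for line in inp:
        if line.strip():
            request.append(line)
            continue
        if request:  # an empty line ends the request
            out.write("action=%s\n\n" % decide(parse_request(request)))
            out.flush()
        request = []


if __name__ == "__main__":
    serve()
```

The sketch returns FILTER rather than PREPEND because PREPEND must run before the message content is received, while the actual message size is only known at end of data.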