[PLUG] On the topic of spam & MS-virii

Wil Cooley wcooley at nakedape.cc
Fri Feb 6 19:23:02 UTC 2004 

On Fri, 2004-02-06 at 18:04, AthlonRob wrote:
> On Fri, 2004-02-06 at 17:36, Wil Cooley wrote:
> 
> > I don't follow the Postfix list closely anymore, but I last heard there
> > was experimental support in the snapshots for using the content_filter
> > mechanism at SMTP-time. You have to be careful with that though; some
> > SMTP servers have rather low time-outs, so you'd have to only use
> > reasonably fast checks.
> 
> I'll check in to that when I get the time... and the time keeps getting
> shorter.  :-)
> 
> How long ago, do you recall, that this was in the snapshots?

It's still there; you can read about it in the 'SMTPD_PROXY_README'.

> Also, how long is 'rather low' as far as time-outs go?  I regularly have
> checks exceed three seconds, sometimes they get as high as four or five
> seconds... very rarely higher than that.  SA is the killer there; I
> suppose I could filter for viruses (really fast/cheap in CPU cycles) in
> one pass, during the SMTP session, then filter everything that survives
> that through SA.  I do get more viruses than spams.

I would actually use SA checks, but only local ones (and maybe tuned
only for the fastest checks) and skip the virus-checks; while virus
checks are generally pretty fast, it's posible that they can take much
longer.  amavisd-new only checks messages <64k for spam by default
(tunable), so as long as remote checks are disabled, there's a ceiling
on how long it can take.

> What happens if the sending server times me out, I wonder?  Would it
> just attempt to connect again, silently drop, or what?

Generally the server will disconnect and retry later; that's the way
SMTP is supposed to work to be reliable.

Wil
-- 
Wil Cooley                                 wcooley at nakedape.cc
Naked Ape Consulting                        http://nakedape.cc
* * * * Linux, UNIX, Networking and Security Solutions * * * *
* Naked Ape Consulting                   http://nakedape.cc  *
* Contract Sys Admin               http://nakedape.cc/r/csa  *
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.pdxlinux.org/pipermail/plug/attachments/20040206/573ed11b/attachment.asc>

More information about the PLUG mailing list