[PLUG] On the topic of spam & MS-virii

AthlonRob AthlonRob at axpr.net
Fri Feb 6 19:53:02 UTC 2004


On Fri, 2004-02-06 at 19:22, Wil Cooley wrote:
 
> > How long ago, do you recall, that this was in the snapshots?
> 
> It's still there; you can read about it in the 'SMTPD_PROXY_README'.

I was hoping it had made it into the mainline release... guess not.

It looks very interesting, and quite useful.

> I would actually use SA checks, but only local ones (and maybe tuned
> only for the fastest checks) and skip the virus-checks; while virus
> checks are generally pretty fast, it's possible that they can take much
> longer.  amavisd-new only checks messages <64k for spam by default
> (tunable), so as long as remote checks are disabled, there's a ceiling
> on how long it can take.

Here's how I'm envisioning my setup with this SMTPD_PROXY...

Backup MX box - figure out how to run it all through SpamAssassin, local
checks only.  The box is limited in the RAM department.

Main mail server - two amavisd-new's running.  The main one stays as it
is.  It does full virus scanning, local and remote spam checking.  The
second one becomes the proxy one - it'll run only local spam checks and,
if I can swing it, virus checks.  I'd like to configure the virus checks
to time out at 500ms and *not* error if they time out.  I'm not sure if
such a facility exists for that yet... might need to hack things up a
bit.

That would, of course, be a bit redundant.  Local spam checks would be
run twice.  The first half second of any virus scans would be run
twice.  It would be nice to configure it such that the virus scans would
only be run once if they completed successfully on the first run, but
I'm relatively confident that would require more hacking than I want to
toss into this right now.

However redundant it may be, I feel it would be more effective; most of
the spam and viruses would be caught at the front door, so to speak... I
wouldn't be responsible for the bounce messages (or lack thereof)
reducing the risk of false positives going unreported.  Things that made
it through to the second tier... I would still be left with the initial
issue - to bounce or not to bounce?  ...but it would be far less
important, as the big popular viruses out there today could be blocked
with local SA rules if the virus scanner takes too long.

Nice.

Now, to implement such a thing might be more of a pain in the ass than
thinking it up.  :-)

Anybody see any obvious problems with that idea?  FWIW, the mail server
is terribly underloaded.  :-)

Thanks for planting the seed and directing me towards the
SMTPD_PROXY_README, Wil!

Rob
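
The first-tier behaviour described in the message above (a 500 ms virus-scan budget where a timeout is not treated as an error), as an added example that is not part of the original post and is not amavisd-new code. It assumes a scanner that reads the message on stdin and exits 0 for clean and 1 for infected; the function name, verdict strings and stand-in scanners are hypothetical and constructed for the demonstration.

```python
import subprocess
import sys

SCAN_BUDGET_S = 0.5  # the 500 ms ceiling proposed in the message


def first_tier_verdict(scanner_cmd, message, budget=SCAN_BUDGET_S):
    """Return (action, reason) for the before-queue (proxy) tier.

    Assumed scanner convention: message on stdin, exit 0 = clean,
    exit 1 = infected, any other exit code = scanner failure.
    """
    try:
        proc = subprocess.run(scanner_cmd, input=message, timeout=budget,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        # Budget exhausted (run() has already killed the child). Not an
        # error: accept, and leave the verdict to the full second-tier scan.
        return ("accept", "unscanned-timeout")
    except OSError:
        # Scanner missing or not executable: also fail open to tier two.
        return ("accept", "unscanned-error")
    if proc.returncode == 0:
        return ("accept", "clean")
    if proc.returncode == 1:
        # Refused during the SMTP session, so the sending MTA owns the bounce.
        return ("reject", "infected")
    return ("accept", "unscanned-error")


def _stand_in(body):
    """Constructed stand-in scanner: a Python one-liner run as a subprocess."""
    return [sys.executable, "-c", body]


FAST_CLEAN = _stand_in("import sys; sys.stdin.buffer.read(); sys.exit(0)")
MARKER_SCAN = _stand_in(
    "import sys; d = sys.stdin.buffer.read(); "
    "sys.exit(1 if b'CONSTRUCTED-BAD-MARKER' in d else 0)")
SLOW = _stand_in("import time; time.sleep(5)")

if __name__ == "__main__":
    msg = b"Subject: constructed sample\r\n\r\nhello\r\n"
    for name, cmd in (("clean", FAST_CLEAN), ("slow", SLOW)):
        print(name, first_tier_verdict(cmd, msg))
    print("marked", first_tier_verdict(MARKER_SCAN, msg + b"CONSTRUCTED-BAD-MARKER"))
```

Every "unscanned-*" result still reaches the second tier, so the full scan there remains the deciding check for anything the budget cut short.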
