>Mostly just throwing ideas around (too much free time on my hands). I will
>probably use the separate AV server concept.
I'll drink to that.
>Reason: If the AV server
>fails, then the next thing in the MX record is direct to the mail server.
Well, no. I assume that if one is serious about securing mail with AV
scanning, then securing mail with anti-spam is included, too.
Neither Imail nor AV scanner should be in MX records, but two IMGate
machines as MX 1 and 2, or one IMGate machine on-site as MX 1 and another
machine offsite as MX 2. IMGate blocks a ton of spam (but not all) and
hostnames with broken DNS setups and no reverse zone setups, blocks msgs
which exceed your max msg SIZE setting, so the AV scanner isn't directly
taking incoming mail (AV scanners seem to have little or no anti-spam or
open-relay or DNS validation features). IMGate just has too many
advantages, and no out of pocket cost, to ignore.
>quickly. My point: Someone with some programming experience should come up
>with some nice code to extract relevant items from the Imail logs...not just
As you probably know or guess, all of these pb's have been addressed in the
Unix world. There are many log scanning tools, but one I have my eye on is:
http://www.cert.dfn.de/eng/logsurf/
but I haven't played with it, yet.
>totals for the day as in the existing code on the Imail support site, but an
>organized, detailed, yet immediately available listing of stats --
"immediately" is the key word. Since users usually don't know they have a
mail pb until, let's say, an hour has passed (I sent mail that wasn't
received, I haven't received a mail I know was sent) and then they retry
the mail, "near real-time" mail log analysis is good enough.
Besides the Imail sysMMDD.txt log with SMTP and POP3 info, another feature
that needs "instrumenting" is the Imail mail queue, since buildup there
indicates delivery pbs, both remote and local (eg, I had local delivery
pb's just two days ago when my personal .mbx file got locked, I think in a
conflict with Norton Speed Disk. It took me 20 or 30 minutes to realize that
my mail checks were finding no mail (ie, that's the "near real time"
window) and then some more minutes to jump around in the dark trying to get
my .mbx unlocked. Not sure how I did it.)
>little VB script could do the trick. I'd write it myself but unfortunately
>I'm not smart enough (stunning self realization).
>
>2 Why the f**k is virus scanning software for mail gateways so expensive?
There aren't a lot of suppliers of AV scanners for SMTP gateways and they
know that their market is not the mass market but the professional market
of ISPs and corps. The price follows.
I think we can achieve, at least, 80% or 90% of AV scanning effectiveness
of the multi-$1000 "corporate brand" AV scanners by using a $99 pkg from
www.KasperskyLab.ru on FreeBSD (or Linux). I hope to get mine running in
July and I will document it on the IMGate site.
So my objective for my ISP is this mail infrastructure:
1. IMGate MX 10 ; done
2. IMGate MX 20 ; done
3. IMGate + Kaspersky scanner for incoming mail ; todo
4. IMail ; done
5. IMGate + Kaspersky scanner for outgoing mail ; todo
6. IMGate outbound-only delivery gateway ; not done, but easy to do when
MX 10 becomes overloaded.
Len
http://BIND8NT.MEIway.com: ISC BIND 8 installable binary for NT4
http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways
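
The MX layout argued for above, as an added example that is not part of the original post: a Python check over zone-file MX lines that flags a back-end host (the Imail server or the AV scanner) listed as an MX target and confirms that at least two filtering gateways are present. All host names and zone excerpts are constructed for illustration.

```python
import re

# Constructed zone-file excerpts; every host name here is hypothetical.
ZONE_BAD = """\
example.net.  IN MX 10 avscan.example.net.
example.net.  IN MX 20 imail.example.net.
"""
ZONE_GOOD = """\
example.net.  IN MX 10 imgate1.example.net.
example.net.  3600 IN MX 20 imgate2.example.net.  ; offsite
"""
GATEWAYS = {"imgate1.example.net", "imgate2.example.net"}  # filtering relays
BACKENDS = {"imail.example.net", "avscan.example.net"}     # must stay out of MX

# owner [ttl] [IN] MX preference target
MX_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?MX\s+(?P<pref>\d+)\s+(?P<target>\S+)",
    re.IGNORECASE,
)

def parse_mx(zone_text):
    """Return sorted (preference, target) pairs from the MX lines."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        m = MX_RE.match(line)
        if m:
            records.append((int(m["pref"]), m["target"].rstrip(".").lower()))
    return sorted(records)

def audit_mx(zone_text, gateways, backends):
    """List the ways the MX set lets mail skip the filtering gateways."""
    findings = []
    records = parse_mx(zone_text)
    for pref, target in records:
        if target in backends:
            findings.append(f"MX {pref} {target}: back-end host listed, "
                            "senders can deliver to it directly")
        elif target not in gateways:
            findings.append(f"MX {pref} {target}: not an approved gateway")
    listed = {t for _, t in records if t in gateways}
    if len(listed) < 2:
        findings.append(f"only {len(listed)} filtering gateway(s) in MX, "
                        "no filtered fallback if one fails")
    return findings

if __name__ == "__main__":
    for name, zone in (("bad", ZONE_BAD), ("good", ZONE_GOOD)):
        print(name, audit_mx(zone, GATEWAYS, BACKENDS) or "OK")
```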