On Thursday, March 24, 2005, 12:03:50 PM, William wrote: WVH> Pete,
WVH> Since Sniffer is used in Imail mainly for determining whether or not a mail WVH> should be deleted (not rejected), keeping such stuff out of your rules makes WVH> perfect sense. I think that deletion and rejection are like apples and WVH> oranges, to a certain extent. Both have their place. They work best in WVH> conjunction with one another, I feel. I don't believe that Sniffer even can WVH> be used in any MTA as a reject test, because it has to test the entire WVH> message. Please correct me if I am wrong on that one though. There are a few systems that are working on using the SNF engine to block messages during the SMTP session based on some small fraction of the DATA. They either break the connection or reject after DATA. These same systems typically block further connections the IP temporarily if it violates this or some other range of policies. (This is not the standard SNF utility, but rather a modified use of the engine - one of the reasons the engine is currently open source.) Granted, this scanning doesn't happen during the envelope phase of the SMTP conversation, but it does generally happen before more than one or two packets have been transferred - so it's not that far off from the network's perspective. Also - It's not exactly the same thing, but at one time Len reported positive results by pusing IPs up to IMGate when SNF failed messages in IMail. This same think can be done right inside Postfix by putting SNF there - though I've not scripted such a thing myself. _M To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
