Hello list,

I've talked about this issue before here on this list and feel the setup can
be improved.  Quoting from the Q-S FAQ:

  1.. How do I make Qmail-Scanner only scan mail for some local domains?. 2
words: "MX records" :-) Put two IP addresses on your mail server, change the
MX records for those domains you want scanned go to one IP address, and the
rest to the other. Then you simply have an instance of qmail-smtpd running
on each address - one with QMAILQUEUE defined and one without. This is
*majorly* better than coding Qmail-Scanner to ignore certain addresses -
this way Qmail-Scanner isn't called at all for the domains you don't want to
protect.

I set this up, and while it works, it's a pain.  Esp. with a cluster of 4-5
mail servers...

It seems to me the best place to do this per-domain scanning (not local
users vs. external users) would be in TCPSERVER... just like what was
recommended if you wanted to scan/not scan local's/outside mail.  You wrote
a tcp.smtp file that had your internal (don't want to scan) IP's (such as
10.x.x.x) and set QMAILQUEUE="" then another rule for all other IP's to scan
":allow,QMAILQUEUE="/var/qmail/bin/qmailscanner-queue.pl"  etc...

Like I said, this works great for the difference between internal mail vs.
external...   It does nothing for setting scan/no scan on a per-domain
basis...  the on going consensus has been to use MX records to point to
different host IP's on the mail server, then run multiple instances of
qmail-smtpd (tcpserver on a per host basis) with a QMAILQUEUE set or
un-set...

I'm willing to look into some C coding for tcpserver, but I don't want to
re-invent someone else's work, or duplicate their efforts...  has anyone
done a patch to tcpserver that would basically give a new "-" option that
would bind tcpserver to specific IP's by reading in a .cdb file?  In the
process of reading that .cdb file, TCPSERVER would set/unset various env
vars.  Such as the QMAILQUEUE.  This would then allow true per-domain
scanning at a low level TCPSERVER point.  Much better than calling
qmail-scanner and looking at the domain there or having to run multiple
instances of qmail-smtpd/run  !  :)

I'll take this patch on if no one else has done something like this.  I'm
certainly no C guru though, so I don't want to waste my time if someone's
done it already or has a better idea.

Thoughts?



_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

Reply via email to