So, I have two mailservers; #2 relays mail to #1 for some domains, but not all. Both have qmail-scanner on them. The thing that sucked was that when a message was relayed from #2 to #1, the message would essentially be scanned twice.
Yeah, I know I could have set up some identd rules to clear QMAILQUEUE on #1 when the connection came from #2's IP, but I wanted to try something different. The result is pretty useful. It's called trusted clustering.

Both servers have a trusted key of "foo" in their qmail-scanner-queue.pl file. When an email comes in to server #2, qmail-scanner runs and does its thing as normal. Then, it does an MD5 checksum of both the body of the message + the shared key. It then sets a header of X-MD5-Cluster-# with that checksum (where # is a number incrementing from 1). Now, when it arrives at server #1, qmail-scanner starts looking for X-MD5-Cluster-# headers, then compares them to its own body + key checksum. If they match, server #1 knows that another "trusted" server already scanned the message and it's clean, so it doesn't scan the message itself.

It is safe to have multiple clusters. Let me explain: Say I send a message to Bob. My MTA has a cluster key of "foo"; it scans my outgoing message, tacks on the header X-MD5-Cluster-1, then sends it to Bob. Say Bob's MTA has a cluster key of "bar". The checksum is going to be different, so X-MD5-Cluster-1 will not match! No problem, that just means that Bob's MTA doesn't trust my MTA, so his MTA will just scan it again, AND add X-MD5-Cluster-2 with its checksum so any future passes to machines in MY cluster will match X-MD5-Cluster-1, while any passes to machines in HIS cluster will match X-MD5-Cluster-1. This is infinitely expandable; it will just keep adding X-MD5-Cluster-# headers.

The patch is available at http://www.finnie.org/qmail-scanner/trusted-clustering.patch -- have fun!

It would be cool to get this into the next qmail-scanner release; when it's turned off (default), it doesn't consume any extra resources, but when it's on, it requires Digest::MD5, and takes a millisecond or two extra to create the checksum.
Of course this is offset by the fact that it doesn't have to do extra scans when it knows another trusted server already scanned it.

Any questions? Let me know.

Ryan Finnie

Qmail-scanner-general mailing list
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
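
The stamp-and-check flow described in the message above, as an added Python sketch; it is not the patch itself and not code from the post. It assumes LF line endings and that "body" means everything after the first blank line; the function names are hypothetical, and `hmac_tag` is a variant the post does not mention, included beside the post's MD5(body + key) for comparison.

```python
import hashlib
import hmac

PREFIX = b"X-MD5-Cluster-"

def split_message(raw: bytes):
    """Split at the first blank line (assumption: LF line endings)."""
    head, _, body = raw.partition(b"\n\n")
    return head.split(b"\n"), body

def md5_tag(body: bytes, key: bytes) -> bytes:
    # Scheme from the post: MD5 over the body followed by the shared key.
    return hashlib.md5(body + key).hexdigest().encode()

def hmac_tag(body: bytes, key: bytes) -> bytes:
    # Variant (not in the post): HMAC-SHA256, the standard keyed-tag construction.
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def cluster_tags(headers):
    """Return {n: value} for every X-MD5-Cluster-n header line."""
    tags = {}
    for line in headers:
        name, _, value = line.partition(b":")
        suffix = name[len(PREFIX):]
        if name.startswith(PREFIX) and suffix.isdigit():
            tags[int(suffix)] = value.strip()
    return tags

def trusted(raw: bytes, key: bytes, tag=md5_tag) -> bool:
    """True if any cluster header matches our own body + key checksum."""
    headers, body = split_message(raw)
    expected = tag(body, key)
    # compare_digest keeps the comparison constant-time.
    return any(hmac.compare_digest(v, expected)
               for v in cluster_tags(headers).values())

def stamp(raw: bytes, key: bytes, tag=md5_tag) -> bytes:
    """After a scan, append the next X-MD5-Cluster-# header."""
    headers, body = split_message(raw)
    n = max(cluster_tags(headers), default=0) + 1
    headers.append(PREFIX + str(n).encode() + b": " + tag(body, key))
    return b"\n".join(headers) + b"\n\n" + body

# Constructed sample message, not taken from the post.
SAMPLE = b"From: me@example.org\nTo: bob@example.net\nSubject: hi\n\nHello Bob\n"
```

The checksum covers the body only, so a receiving server that skips its scan on a match is trusting nothing about the headers, and any change to the body after stamping makes the header stop matching and forces a rescan.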
