On Tue, Nov 21, 2000 at 11:25:36PM +0100, Johan Van Gompel wrote:
> Qmail will be the first proverbial victim. The now a year and a half old
> 'ye standard qmail build' will have to be replaced by something more enhanced.
Why? Is it broken?
> (1) check if a FQDN exists for the sender's IP (if not: no go);
Are you talking about doing a lookup on the sender domain name? Not
much point to doing that since the vast majority of spam uses legitimate
but faked sender addresses.
> (2) allow POP3 access via SSL only;
Use an SSL wrapper.
> (3) extract any mail attachment and check it for various things;
> (viruses, unallowed extensions, etc.)
We use a fairly simple scanner that rejects anything with an attachment
that would be executable by Windoze -- exe, VBScript, etc. It's worked
great for us. There are some tools for doing this at
http://em.ca/~bruceg/qmail-qfilter/
> (4) support delivery to same users at different domains;
<plug> http://www.vmailmgr.org/ </plug>
> (5) allow only a more rigid form of authentication;
> (e.g. POP-before-SMTP)
<plug> http://em.ca/~bruceg/relay-ctrl/ </plug>
> Are there any patches that I should really consider?
Depends what your target environment is. If you aren't handling
hundreds of thousands of messages a day, most if not all of the "big"
patches are irrelevant (big-todo, big-concurrency). If you're running
on Linux, you'll want to link against a library that provides
synchronous directory operations (like http://em.ca/~bruceg/syncdir/) or
else you lose reliability. Everything else should wait until you know
you need it.
--
Bruce Guenter <[EMAIL PROTECTED]> http://em.ca/~bruceg/
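An added example (not part of the original message and not code from qmail-qfilter) of the kind of attachment check described in the reply to point (3): a filter that reads a message and flags parts whose file name ends in a Windows-executable extension. The extension list, the sample message and the use of exit code 31 (qmail-queue's permanent-rejection code) as the filter's verdict are assumptions.

```python
import email
import sys
from email import policy

# Assumed block list; the message above only names "exe, VBScript, etc."
BLOCKED = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".vbe", ".js", ".wsf"}

def blocked_attachments(raw: bytes) -> list[str]:
    """Return the normalized file names of MIME parts with a blocked extension."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = set()
    for part in msg.walk():  # walk() also descends into nested multiparts
        if part.is_multipart():
            continue
        # The name can sit in Content-Disposition (filename=) or in
        # Content-Type (name=); check both, since they may disagree.
        for name in (part.get_filename(), part.get_param("name")):
            if not name:
                continue
            # Windows ignores trailing dots and spaces, so strip them first.
            cleaned = str(name).strip().rstrip(". ").lower()
            if any(cleaned.endswith(ext) for ext in BLOCKED):
                hits.add(cleaned)
    return sorted(hits)

# Constructed sample: one text part and one attachment with a double extension.
SAMPLE = (
    b"From: a@example.test\r\n"
    b"To: b@example.test\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="report.pdf.EXE."\r\n\r\nAAAA\r\n'
    b"--b1--\r\n"
)

if __name__ == "__main__":
    # Assumed wiring: the message arrives on stdin, as for a qmail-qfilter filter.
    found = blocked_attachments(sys.stdin.buffer.read())
    if found:
        print("rejected attachment(s): " + ", ".join(found), file=sys.stderr)
        sys.exit(31)  # qmail-queue exit code for a permanent rejection
    sys.exit(0)
```

Matching on the file name alone does not inspect content, so a renamed executable passes; the check only stops attachments that Windows would run on a double-click.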