Re: [Clamav-users] Easiest/best sendmail integration
On Fri, 7 May 2004, Noel Jones wrote: At 12:27 PM 5/7/04, Mike Lambert wrote: The advantage is sending a 5xx reject instead of a 2xx message accepted for delivery to the connecting mta. It is now up to the connecting mta to deal with the message. It does reduce bandwidth if you reject before receiving the whole message. I don't know if clamav does this, but if it can, it should. No, it won't save bandwidth. Once the client sends DATA and you reply go ahead, you must wait for the DOT to 550 them. If you break the connection before all the data has been sent, even if you send a response code the client will see a dropped connection and (correctly) attempt to send the whole message again. Hmmm, appears to have been a bad assumption on my part. Thank you the correction. Mike Lambert --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Easiest/best sendmail integration
What is the simplest and best solution for providing virus detection of incoming email using Clamav with sendmail both assuming I don't have milter and that I do? RedHat and Fedora have a sendmail-devel package that includes the milter support (provided Sendmail is new enough). It installs in just a few seconds and should solve the failure to detect libmilter. --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Easiest/best sendmail integration
On Fri, 7 May 2004, Antony Stone wrote: On Friday 07 May 2004 12:49 pm, Dan O'Brien wrote: What is the simplest and best solution for providing virus detection of incoming email using Clamav with sendmail both assuming I don't have milter and that I do? I like http://www.mailscanner.info If I understand MailScanner correctly, the mta must accept the message before passing to MailScanner for processing. If you don't mind accepting every single message, MailScanner would be fine. If, like me, you prefer to 5xx reject messages that you don't like (virus, spam, whatever), a milter is required for sendmail. MimeDefang would offer similar functionality to MailScanner, but operate during the smtp session, not after your mta has accepted the message. -- Michael Lambert Systems Admin, IT Dept JEOL USA Inc http://www.jeol.com --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Easiest/best sendmail integration
On Friday 07 May 2004 2:14 pm, Mike Lambert wrote: On Fri, 7 May 2004, Antony Stone wrote: On Friday 07 May 2004 12:49 pm, Dan O'Brien wrote: What is the simplest and best solution for providing virus detection of incoming email using Clamav with sendmail both assuming I don't have milter and that I do? I like http://www.mailscanner.info If I understand MailScanner correctly, the mta must accept the message before passing to MailScanner for processing. That is true. If you don't mind accepting every single message, MailScanner would be fine. If, like me, you prefer to 5xx reject messages that you don't like (virus, spam, whatever), a milter is required for sendmail. MimeDefang would offer similar functionality to MailScanner, but operate during the smtp session, not after your mta has accepted the message. But, what is the advantage of this? It does not reduce your bandwidth by avoiding transfer of unwanted emails, since your milter has to see enough of the content to decide not to accept it. I can't think of any benefit in rejecting the message rather than receiving it and discarding it? Regards, Antony. -- This is not a rehearsal. This is Real Life. Please reply to the list; please don't CC me. --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Easiest/best sendmail integration
What is the simplest and best solution for providing virus detection of incoming email using Clamav with sendmail both assuming I don't have milter and that I do? Clamav does it all itself no need for another solution, look in .../clamav-milter/INSTALL. -Nigel -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Easiest/best sendmail integration
Antony Stone wanted us to know: accepting every single message, MailScanner would be fine. If, like me, you prefer to 5xx reject messages that you don't like (virus, spam, But, what is the advantage of this? It does not reduce your bandwidth by No it does not reduce the bandwidth, however it does reduce the size of your queue. You should not ever let an email touch the surface of your disk if you do not want to accept it. the content to decide not to accept it. I can't think of any benefit in rejecting the message rather than receiving it and discarding it? In the event of false positives, *THEIR* logs say that it was rejected as opposed to trying to figure out why something was accepted but the end user is never receiving it. -- Regards... Todd They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. --Benjamin Franklin Linux kernel 2.6.3-8mdkenterprise 3 users, load average: 0.03, 0.01, 0.00 --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Easiest/best sendmail integration
On Fri, 7 May 2004, Antony Stone wrote: On Friday 07 May 2004 2:14 pm, Mike Lambert wrote: If I understand MailScanner correctly, the mta must accept the message before passing to MailScanner for processing. That is true. If you don't mind accepting every single message, MailScanner would be fine. If, like me, you prefer to 5xx reject messages that you don't like (virus, spam, whatever), a milter is required for sendmail. MimeDefang would offer similar functionality to MailScanner, but operate during the smtp session, not after your mta has accepted the message. But, what is the advantage of this? It does not reduce your bandwidth by avoiding transfer of unwanted emails, since your milter has to see enough of the content to decide not to accept it. The advantage is sending a 5xx reject instead of a 2xx message accepted for delivery to the connecting mta. It is now up to the connecting mta to deal with the message. It does reduce bandwidth if you reject before receiving the whole message. I don't know if clamav does this, but if it can, it should. I can't think of any benefit in rejecting the message rather than receiving it and discarding it? Again, the advantage is sending 5xx instead of 2xx. IMO, giving the connecting mta a status code appropriate to the message disposition is better than simply accepting _all_ messages only to drop some later (I do not consider generating a separate bounce message to be an option). The sending mta should deal with rejected messages, not the receiving (rejecting) mta. -- Michael Lambert Systems Admin, IT Dept JEOL USA Inc http://www.jeol.com --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Easiest/best sendmail integration
At 12:27 PM 5/7/04, Mike Lambert wrote: But, what is the advantage of this? It does not reduce your bandwidth by avoiding transfer of unwanted emails, since your milter has to see enough of the content to decide not to accept it. The advantage is sending a 5xx reject instead of a 2xx message accepted for delivery to the connecting mta. It is now up to the connecting mta to deal with the message. It does reduce bandwidth if you reject before receiving the whole message. I don't know if clamav does this, but if it can, it should. No, it won't save bandwidth. Once the client sends DATA and you reply go ahead, you must wait for the DOT to 550 them. If you break the connection before all the data has been sent, even if you send a response code the client will see a dropped connection and (correctly) attempt to send the whole message again. Yes, it's useful and good to 550 the message during SMTP rather than accept and later discard it, but it won't save you bandwidth. -- Noel Jones --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Easiest/best sendmail integration
On Fri, 2004-05-07 at 18:27, Mike Lambert wrote: Again, the advantage is sending 5xx instead of 2xx. IMO, giving the connecting mta a status code appropriate to the message disposition is better than simply accepting _all_ messages only to drop some later (I do not consider generating a separate bounce message to be an option). The sending mta should deal with rejected messages, not the receiving (rejecting) mta. Sorry, this is really far too long! Disclaimer: I use MailScanner, I've also contributed to MailScanner and am the current lead developer on MailScanner-MRTG (a GPL'd monitoring tool for MailScanner servers). Obviously my opinion isn't unbiased (although I hope not totally one-sided), but I'd like to throw some often overlooked points into the mix. I don't think that there is necessarily a right or wrong answer to this one, nor is one solution necessarily best for everyone. I do agree that where a message is undeliverable (because of bad addressing, disabled accounts etc) this should be handled by a rejecting at the RCPT stage by the first MTA with the ability to make such a judgement (Since this is a matter of MTA configuration this shouldn't be an issue in the milter vs queue argument). Where the decision to reject is based on the application of policy to the content of a message (whether that be the application of virus scanning, spam filtering, file name/type filtering, other message content filtering, attachment size restrictions etc.) it is not necessarily so clear cut. I would not advocate bouncing spam or viruses as this causes a nuisance, however where a message is blocked due to pure policy descisions (for example we block mpegs) then a clear and helpful bounce message is a courtesy. I appreciate that for members of the list understanding a reject message generated by an MTA is trivial, but many users find it much less acccessible (not to mention getting confused about why their own mailserver appears to have rejected their message - when in fact it is merely reporting the rejection by the destination mailserver). A good proportion of mail passes through multiple MTA's on route, especially given the current spam/ virus tactics of delivering to secondary MX's many of which simply store and forward. I imagine that dealing with 5xx rejects of spam and viruses (usually with forged senders) is a growing burden for ISP's who offer a secondary MX store and forward service. I hope that at least some milters have the ability to discard rather than simply reject certain classes of unwanted mail. Its often overlooked that 5xx rejecting only pushes the problem back upstream, and this is not necessarily to the point of origin (as anyone who has ever been joe-jobbed will appreciate all too well). So by not accepting the mail you may be part of the problem rather than part of the solution [I'm not saying thats my opinion, I'm on the fence on that one - no flames please!]. There is however a fine line to walk, just discarding mail is a dangerous path to tread and certainly not one we choose to take. Our policy is not to bounce spam or virus. Spam mails are tagged (and stripped of html content to avoid offending people), so the recipient can filter in their MDA. Viruses are removed (or disinfected in the case of the now rare macro viruses) and the recipient notified with any deliverable portion of the mail included, except in the case of outgoing mail, where we can be reasonably sure who the sender is and notify them instead. There are also technical concerns with both methods. Others have raised technical concerns about MailScanner's approach so I won't duplicate them here. Because milters scan the mail during the SMTP transaction they need to be fairly swift about it, so that the sending server doesn't give up on them, and also out of courtesy to the senders organisation (who want's dozens of MTA processes all waiting while the recipient takes several minutes to do umpteen checks?) Please don't misunderstand me, I'm not saying that this is always the case - just that there is a risk of processing time becoming unacceptably long during times of unusually heavy load. MTA's generally restrict the maximum number of threads, so slow processing can result in mail not being delivered. Typically this pushes the problem back upstream again, if upstream happens to be the spammers server of the infected PC then this is good as its quite likely they won't attempt another delivery, if not then this is just creating problems for others [again, good or bad you decide]. On the other hand with MailScanner the MTA handles the mail as quickly as it can, making SMTP sessions as short a possible. This does mean at times of heavy load there can be a backlog in the incoming queue, and your server may be at full pelt trying to catch up, however mail is processed as soon as possible and in the order it arrived so mail will be delivered at the earliest opportunity (with the milter model the
Re: [Clamav-users] Easiest/best sendmail integration
What is the simplest and best solution for providing virus detection of incoming email using Clamav with sendmail both assuming I don't have milter and that I do? Read the docs and pick your poisen. Easy: recompile Sendmail to have Milter compile Clamav with milter. If you don't have something and you're root you'll make sure you get it :) B. --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Easiest/best sendmail integration
Hello, I am installing Clamav 0.70 on a webhost virtual private server configuration running Redhat V??. First glance indicates that the installed Sendmail does not have Milter support installed (libmilter not found by configure). I'm working my way through the documentation and third party solutions on clamav.net. What is the simplest and best solution for providing virus detection of incoming email using Clamav with sendmail both assuming I don't have milter and that I do? Thanks a lot! Kalin Wilson --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users