Re: [vchkpw] Log all email per domain & antivirus that notifies recipients
Thank you to all that replied. I'll take a look at qmail-scanner, simscan and QMVC as suggested.

In case someone follows this thread in the future, I want to mention that I used the technique referenced via http://cr.yp.to/qmail/faq/admin.html#copies successfully for years. Then I decided to implement virtual domains via vpopmail, and couldn't make it work in the virtual environment, even to a single log for all domains. I don't recall all the tests I ran, but I eventually gave up trying to make it work. There's no logic that I can find to make it support a log per virtual domain in any case.

Because the sender of the infected mails is the Texas Court system, normal logic rules don't apply. If the courts have a record of sending a particular email, they record it as successfully contacting the attorneys for the case. If the receiving MTA trashes that email due to a virus, and some court date is missed or document isn't filed as a result, the courts are blameless. Therefore, only something that warns the recipient (clerk @ attorney's office) is of any value, and that warning MUST at a minimum contain the Subject: line as that's the only identifier for what case is involved.

If there were a way of eliminating only that portion of the email payload that was infected, and allowing the remainder to hit the recipient's inbox, that would be the best solution. Rebuilding an email of only the clean portions isn't something that exists as far as I'm aware.

As an aside, how would you like being on the receiving end of this set up? Your case is before the courts, and a virus or anything else disrupts the flow of email. You are, in effect, "guilty" because something didn't happen as it should have because the courts have declared that email is a guaranteed delivery mechanism. This system is coming to your state, as Texas was used as the test site. This idea is so bad that foreign governments are also likely to pick it up.

--
Bill Gradwohl
[EMAIL PROTECTED]
http://www.ycc.com
SPAMstomper Protected email
Re: [vchkpw] Log all email per domain & antivirus that notifies recipients
Hi,

At 11:43 23.09.04 +0300, you wrote:
>Erwin Hoffmann wrote:
>
>> Hi,
>>
>> most - if not all - of your requirements are met by my QMVC
>> (http://www.fehcom.de/qmail/qmvc.html).
>>
>> Inbound is trivial, outbound can be done via a 2nd Qmail instance.
>>
>
>Umm.. Excuse me, but both inbound and outbound logging are already
>covered by stock qmail (http://cr.yp.to/qmail/faq/admin.html#copies)

If you look again at the URL you mentioned and compare it with:

http://www.fehcom.de/qmail/qmvc/qmvclog_20030102.html

you will realize that "logging" != "logging" (sorry for the bad math).

>Whatever he will use as a MDA to check if the messages will be actually
>stored to the logging account or just ignored is his choice, either it
>be procmail/maildrop/qmvc whatever :)
>
>And simscan 1.0 has support for per-domain avir/spam. yeah.

Have to have a look at it.

regards.
--eh.

Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/
Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24
Re: [vchkpw] Log all email per domain & antivirus that notifies recipients
Erwin Hoffmann wrote:

> Hi,
>
> most - if not all - of your requirements are met by my QMVC
> (http://www.fehcom.de/qmail/qmvc.html).
>
> Inbound is trivial, outbound can be done via a 2nd Qmail instance.

Umm.. Excuse me, but both inbound and outbound logging are already covered by stock qmail (http://cr.yp.to/qmail/faq/admin.html#copies)

Whatever he will use as a MDA to check if the messages will be actually stored to the logging account or just ignored is his choice, either it be procmail/maildrop/qmvc whatever :)

And simscan 1.0 has support for per-domain avir/spam. yeah.

--
+---+
| Kiril Todorov <+> System::Network Administrator |
+---+
| /* waiting... dreaming... wishing... */ |
+---+
Re: [vchkpw] Log all email per domain & antivirus that notifies recipients
Hi,

most - if not all - of your requirements are met by my QMVC
(http://www.fehcom.de/qmail/qmvc.html).

At 14:14 22.09.04 -0500, you wrote:
>Two issues:
>1) Using qmail & vpopmail, what methods are available to log all inbound
>and outbound email PER VIRTUAL DOMAIN?

Inbound is trivial, outbound can be done via a 2nd Qmail instance.

>2) We also need a way to notify the recipient of an email that contained
>a virus that the infected email was destroyed, and that it came from
>[EMAIL PROTECTED] with a subject line of whatever it was.

QMVC allows per-domain specific filter/configuration profiles and message templates.

>We have a law firm that wants to record all their communications in both
>directions. We are capturing inbound emails by appending
>&[EMAIL PROTECTED] to the end of everyone's .qmail file.
>What's missing is a way to capture the outbound emails.
>
>Texas courts are currently in the process of requiring attorneys to use
>email to file and update their cases. They are using email as though it
>was a guaranteed delivery mechanism even though we all know it isn't.
>This pilot project is expected to go nationwide soon.
>
>When the courts send out an email containing a virus (they use Windows
>boxes), the normal thing for a receiving MTA's virus checker to do is
>silently throw that email away and not notify anyone. In this case
>however, that email has legal ramifications so that either we have to
>let the infected email pass thru the server, extract only the infected
>portion of the email leaving the rest intact (no idea how to do that),
>or throw it away but notify the recipient of what was done. The subject
>line of these emails contains a case number that could be used as follow
>up by the receiving clerk at the law firm.
>
>We currently use qscanq to call clamav for the heavy lifting, but that
>approach doesn't offer a way to notify anyone of what happened to an
>infected email - at least not any way I know of.

clamav is natively supported by QMVC.

>We'd like solutions that have per virtual domain granularity so other
>domains on the box don't have to do things the same way.

With QMVC you have
- per virtual-domain configuration,
- per virtual-domain processing + logging, archiving of logfiles,
- per virtual-domain analysis, QMVC html'ized logfiles can be made public.

>Suggestions?

See above.

regards.
--eh.

Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/
Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24
Re: [vchkpw] Log all email per domain & antivirus that notifies recipients
On Wednesday 22 September 2004 02:14 pm, Bill Gradwohl wrote:
> Two issues:
> 1) Using qmail & vpopmail, what methods are available to log all inbound
> and outbound email PER VIRTUAL DOMAIN?

http://cr.yp.to/qmail/faq/admin.html#copies

> 2) We also need a way to notify the recipient of an email that contained
> a virus that the infected email was destroyed, and that it came from
> [EMAIL PROTECTED] with a subject line of whatever it was.

[snip]

> When the courts send out an email containing a virus [...]

This never happens. However, qmail-scanner can be configured for different notifications. I, personally, use --notify admin, and the admin address is a virus notification dropbox that I check occasionally. If you're using qmail-scanner, I highly recommend to NOT notify anyone other than 'admin'.. because if you notify the sender, you're just spamming an innocent party, and if you notify the recipient, since they have little to no knowledge about how internet mail works, they might freak out and think that someone has stolen their email address or whatnot. Things such as virus notifications are best left to those with a clue.

-Jeremy

--
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
[EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l
kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
GnuPG Key ID: 481BF7E2 ++ scriptkitchen.com/kitchen.asc
Re: [vchkpw] Log all email per domain & antivirus that notifies recipients
On Wednesday 22 September 2004 02:14 pm, Bill Gradwohl wrote:
> Two issues:
> 1) Using qmail & vpopmail, what methods are available to log all inbound
> and outbound email PER VIRTUAL DOMAIN?
> 2) We also need a way to notify the recipient of an email that contained
> a virus that the infected email was destroyed, and that it came from
> [EMAIL PROTECTED] with a subject line of whatever it was.
>
> We have a law firm that wants to record all their communications in both
> directions. We are capturing inbound emails by appending
> &[EMAIL PROTECTED] to the end of everyone's .qmail file.
> What's missing is a way to capture the outbound emails.
>
> Texas courts are currently in the process of requiring attorneys to use
> email to file and update their cases. They are using email as though it
> was a guaranteed delivery mechanism even though we all know it isn't.
> This pilot project is expected to go nationwide soon.
>
> When the courts send out an email containing a virus (they use Windows
> boxes), the normal thing for a receiving MTA's virus checker to do is
> silently throw that email away and not notify anyone. In this case
> however, that email has legal ramifications so that either we have to
> let the infected email pass thru the server, extract only the infected
> portion of the email leaving the rest intact (no idea how to do that),
> or throw it away but notify the recipient of what was done. The subject
> line of these emails contains a case number that could be used as follow
> up by the receiving clerk at the law firm.
>
> We currently use qscanq to call clamav for the heavy lifting, but that
> approach doesn't offer a way to notify anyone of what happened to an
> infected email - at least not any way I know of.
>
> We'd like solutions that have per virtual domain granularity so other
> domains on the box don't have to do things the same way.
>
> Suggestions?

simscan might be able to do it. It has per domain support for clamav and spamassassin.

A virus causes clamav->simscan->qmail-smtpd to tell the sender MTA to send a bounce message back to the sender with a virus warning message. This is via the standard smtp protocol.

simscan would need some "clean message" code to send through the de-infected message. ripmime will rip the message, if there is an un-rip message program we could probably write the code.

We also might be able to cobble up some code to email a report to someone.

Ken Jones
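
An added illustration of the "clean message" and recipient-report ideas discussed in the message above; it is not part of the thread and is not simscan, ripmime or qmail-scanner code. It uses Python's standard `email` package; `toy_scan`, the `X-Virus-Parts-Removed` header, the addresses and the case number are constructed placeholders, and a real deployment would call the actual scanner where `toy_scan` is.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

def sample() -> bytes:
    """Constructed test message: one clean text part, one flagged attachment."""
    m = EmailMessage()
    m["From"] = "clerk@court.example"
    m["To"] = "clerk@lawfirm.example"
    m["Subject"] = "Cause No. 2004-0000 hearing notice"
    m.set_content("Hearing is set; see attached order.\n")
    m.add_attachment(b"EXAMPLE-BAD-MARKER", maintype="application",
                     subtype="octet-stream", filename="order.scr")
    return m.as_bytes()

def toy_scan(payload: bytes):
    """Hypothetical stand-in for the real scanner call; returns a name or None."""
    return "Example.Test.Marker" if b"EXAMPLE-BAD-MARKER" in payload else None

def defang(raw: bytes, scan=toy_scan):
    """Replace each flagged leaf part with a text notice; keep the rest intact."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in list(msg.walk()):
        if part.is_multipart():
            continue
        verdict = scan(part.get_payload(decode=True) or b"")
        if verdict:
            name = part.get_filename() or "(unnamed part)"
            removed.append((name, verdict))
            # set_content() clears the old payload and Content-* headers first.
            part.set_content(f"[Removed by mail server: {name} matched {verdict}]\n")
    if removed:
        msg["X-Virus-Parts-Removed"] = str(len(removed))
    return msg, removed

def build_notice(original, removed, sender="postmaster@lawfirm.example"):
    """Notify the recipient, carrying the original Subject (the case identifier)."""
    note = EmailMessage()
    note["From"] = sender
    note["To"] = original["To"]
    # Subject is sender-controlled; the default policy rejects CR/LF on assignment.
    note["Subject"] = "Virus removed from: " + original["Subject"]
    body = [f"Mail from {original['From']} was delivered with parts removed:"]
    body += [f"  {name}: {sig}" for name, sig in removed]
    note.set_content("\n".join(body) + "\n")
    return note

if __name__ == "__main__":
    cleaned, hits = defang(sample())
    print(build_notice(cleaned, hits))
```
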
Re: [vchkpw] Log all email per domain & antivirus that notifies recipients
qmail-scanner can be configured to notify the sender and the recipient of the infected email.

On Wed, 22 Sep 2004 14:14:29 -0500, Bill Gradwohl <[EMAIL PROTECTED]> wrote:
> Two issues:
> 1) Using qmail & vpopmail, what methods are available to log all inbound
> and outbound email PER VIRTUAL DOMAIN?
> 2) We also need a way to notify the recipient of an email that contained
> a virus that the infected email was destroyed, and that it came from
> [EMAIL PROTECTED] with a subject line of whatever it was.
>
> We have a law firm that wants to record all their communications in both
> directions. We are capturing inbound emails by appending
> &[EMAIL PROTECTED] to the end of everyone's .qmail file.
> What's missing is a way to capture the outbound emails.
>
> Texas courts are currently in the process of requiring attorneys to use
> email to file and update their cases. They are using email as though it
> was a guaranteed delivery mechanism even though we all know it isn't.
> This pilot project is expected to go nationwide soon.
>
> When the courts send out an email containing a virus (they use Windows
> boxes), the normal thing for a receiving MTA's virus checker to do is
> silently throw that email away and not notify anyone. In this case
> however, that email has legal ramifications so that either we have to
> let the infected email pass thru the server, extract only the infected
> portion of the email leaving the rest intact (no idea how to do that),
> or throw it away but notify the recipient of what was done. The subject
> line of these emails contains a case number that could be used as follow
> up by the receiving clerk at the law firm.
>
> We currently use qscanq to call clamav for the heavy lifting, but that
> approach doesn't offer a way to notify anyone of what happened to an
> infected email - at least not any way I know of.
>
> We'd like solutions that have per virtual domain granularity so other
> domains on the box don't have to do things the same way.
>
> Suggestions?
>
> --
> Bill Gradwohl
> [EMAIL PROTECTED]
> http://www.ycc.com
[vchkpw] Log all email per domain & antivirus that notifies recipients
Two issues:
1) Using qmail & vpopmail, what methods are available to log all inbound and outbound email PER VIRTUAL DOMAIN?
2) We also need a way to notify the recipient of an email that contained a virus that the infected email was destroyed, and that it came from [EMAIL PROTECTED] with a subject line of whatever it was.

We have a law firm that wants to record all their communications in both directions. We are capturing inbound emails by appending &[EMAIL PROTECTED] to the end of everyone's .qmail file. What's missing is a way to capture the outbound emails.

Texas courts are currently in the process of requiring attorneys to use email to file and update their cases. They are using email as though it was a guaranteed delivery mechanism even though we all know it isn't. This pilot project is expected to go nationwide soon.

When the courts send out an email containing a virus (they use Windows boxes), the normal thing for a receiving MTA's virus checker to do is silently throw that email away and not notify anyone. In this case however, that email has legal ramifications so that either we have to let the infected email pass thru the server, extract only the infected portion of the email leaving the rest intact (no idea how to do that), or throw it away but notify the recipient of what was done. The subject line of these emails contains a case number that could be used as follow up by the receiving clerk at the law firm.

We currently use qscanq to call clamav for the heavy lifting, but that approach doesn't offer a way to notify anyone of what happened to an infected email - at least not any way I know of.

We'd like solutions that have per virtual domain granularity so other domains on the box don't have to do things the same way.

Suggestions?

--
Bill Gradwohl
[EMAIL PROTECTED]
http://www.ycc.com