Jeff Waugh wrote:

Know any MTAs that write to disk during or before DATA? How are you going to
guarantee that your MTA -> AV/SPAM protocol/connection won't fail? How do
you communicate that failure to the MTA? What should the MTA do? What


The current setup I'm working with is Exim using Exiscan-acl and Kaspersky AVD/SpamAssassin. It _does_ have this feature. The speed issue with virus scanners that are used by, say, Amavis, is that the virus database is loaded _every time_ you get a mail (because they use the scanner, like kavscanner). This would obviously make checking at SMTP DATA time useless. However, because this uses kavdaemon, which loads the virus database once, the virus scanning is very fast (and also extracts all archives without a middle-man amavis setup - even faster).

Of course, it would be stupid to bounce back virus/spam emails. What happens if the address is (and it most likely would be) forged? You'll send a mail to that address, which will send mail back to you complaining that it doesn't know who you're sending it to. Bad - not an option. The other option is to _completely_ ignore the email - send no bounces at all. If we're going to scan our emails for spam/viruses, is there any _real_ disadvantage to doing this at SMTP time? Is there any difference to rejecting it at SMTP time (for the mail servers like QMail, Exim, Postfix, etc. which _do_ bounce back themselves) than just rejecting the email locally and sending nothing back? At least the users using good MTAs will receive a bounce - we don't get an endless mail loop - and we don't need to run things once the transaction is complete.

With the Exim setup, if the virus scanner/spam scanner fails, the MTA responds with a "temporary local error - try again later" error. Here I have an old Postfix install with Amavis and a new install on a LAN server with the Exim setup. When I send a mail to the Exim server with eicar through the Postfix server, I get a response from Postfix saying that it tried and failed, and lists the error that Exim sent. This happens if the AV daemon fails, if spamd fails, or if AV/SpamAssassin finds a virus/spam (the error message varies, of course).

---
Kind Regards,

Theo Julienne
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
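
The DATA-time behaviour described in the message above, sketched as an Exim 4 content-scanning (exiscan-acl) configuration fragment. This is an added example, not the poster's actual configuration; the kavdaemon socket path, the spamd address, the `nobody` SpamAssassin user and the score threshold are assumptions.

```exim
# --- main configuration section ---

# Talk to the resident Kaspersky daemon over its UNIX socket, so the
# virus database is loaded once rather than once per message.
# (Socket path is an assumption; adjust to the local install.)
av_scanner = kavdaemon:/var/run/AvpCtl

# spamd listening locally (address and port are assumptions).
spamd_address = 127.0.0.1 783

# Run the ACL below after the message body has been received (SMTP DATA).
acl_smtp_data = acl_check_data

# --- ACL section ---
begin acl

acl_check_data:

  # Reject infected mail inside the SMTP transaction (5xx). The sending
  # MTA is then responsible for any bounce, so this host never generates
  # a bounce to a possibly forged envelope sender.
  # If the scanner cannot be reached, the "malware" condition defers and
  # the client receives a temporary (4xx) error and retries later.
  # Appending /defer_ok would instead let mail through unscanned.
  deny    message   = This message contains malware ($malware_name)
          malware   = *

  # Same pattern for spam: scan as an unprivileged SpamAssassin user and
  # reject above a threshold. $spam_score_int is the score multiplied by
  # ten, so 100 means 10.0 points (threshold is an assumption).
  # A spamd failure also defers unless /defer_ok is given.
  deny    message   = This message scored $spam_score spam points
          spam      = nobody
          condition = ${if >{$spam_score_int}{100}{1}{0}}

  # Clean mail is accepted for normal routing.
  accept
```

With this layout the three outcomes in the message map to three SMTP results: a clean scan is accepted, a positive scan is refused with a permanent error, and a scanner outage yields a temporary error that the sending MTA queues and retries.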