Hello Alberto, Friday, January 4, 2008, 6:50:55 PM, you wrote:
> Pete Thank you very much for your very exhaustive response! It's what we do. ;-) > Do you have any other information on this technology called Gauntlet that > seems me very very > interesting. There really isn't much more to it than what's been said. The concept has been around for several years now -- the details are platform and policy specific. We have it on the drawing board to include it as a feature in some platforms that we support - however that is a complicated piece of engineering since each platform is different and we support _MANY_ platforms. (sideline = put messages through the gauntlet) Consider just a few, for example: MDaemon calls SNF as a plugin and doesn't provide any simple (fool proof) method for message re-injection. Also, it is not clear that there is a friendly and reliable way to "sideline" the messages on this platform. We could sideline messages in IMail by parking the Q and D files in a special directory and then later re-processing them through SNF back to the spool... -- But, if Declude is present then we might instead wish to re-process the messages through the proc folder, and there are uncertainties about when and how to do this and how to pace it. -- If mxGuard is in place -- how would we re-process the messages at all? -- How could we ensure that virus scanning etc would be enabled (or not if desired?) SmarterMail could be handled (presumably) in a similar way to IMail except that the file structures are different as are a few assumptions about message processing and acceptable loads, etc. In Postfix systems we would need to create our own data structures to capture envelope information before we sidelined the message -- all that in addition to considerations of other processes that might be in place (without notice) and might need to be considered when we re-process the messages. Communigate systems store routing information in the message file itself which would simplify sidelining the messages but complicates the re-processing task - and again there are other processes that might be in place unannounced... ---- All that by way of illustrating that the concept of "Gauntlet" is powerful and simple to understand, but not so simple to implement. For now we've been describing it to folks and helping them implement versions of Gauntlet in their proprietary systems. With a bit of luck and elbow grease we will hopefully release utilities and/or special versions of SNF to support this on some platforms -- This is particularly attractive since the GBUdb engine produces signals that theoretically allow us to activate and deactivate (or desensitize) Gauntlet under specific conditions very accurately. Specifically, GBUdb can provide a clear signal for the presence of a spam storm by monitoring Black and Caution activity. GBUdb also provides ready statistics on IPs so that we can define which IPs not to sideline (when the IP is reasonably well known and reasonably unlikely to send spam). -- That's about all I can think of to say about it at this time (at least without some more specific questions). > > But I don't think that Mxguard can manage all of this you are explaining in > the message. That's probably true -- but not certain. Consider, for example, that your re-injection script could act just like IMail... * Drop the D file back into the spool * Drop the Q file back into the spool * IMMEDIATELY call mxGuard with the Q file in precisely the same way IMail does. In theory this would work for mxGuard or Declude since both programs would see this activity no differently than if IMail had just dropped a new message in for processing. That's a very big "In theory" -- because I've not tried it, but based on the available documentation the theory is sound. > I will try to write a CDM to solve my queue problems Please keep us posted. Thanks, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. ############################################################# This message is sent to you because you are subscribed to the mailing list <sniffer@sortmonster.com>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
