On Wednesday 22 September 2004 02:14 pm, Bill Gradwohl wrote:
> Two issues:
> 1) Using qmail & vpopmail, what methods are available to log all inbound
> and outbound email PER VIRTUAL DOMAIN?
> 2) We also need a way to notify the recipient of an email that contained
> a virus that the infected email was destroyed, and that it came from
> [EMAIL PROTECTED] with a subject line of whatever it was.
>
> We have a law firm that wants to record all their communications in both
> directions. We are capturing inbound emails by appending
> &[EMAIL PROTECTED] to the end of everyone's .qmail file.
> What's missing is a way to capture the outbound emails.
>
> Texas courts are currently in the process of requiring attorneys to use
> email to file and update their cases. They are using email as though it
> was a guaranteed delivery mechanism even though we all know it isn't.
> This pilot project is expected to go nationwide soon.
>
> When the courts send out an email containing a virus (they use Windows
> boxes), the normal thing for a receiving MTA's virus checker to do is
> silently throw that email away and not notify anyone. In this case
> however, that email has legal ramifications so that either we have to
> let the infected email pass thru the server, extract only the infected
> portion of the email leaving the rest intact (no idea how to do that),
> or throw it away but notify the recipient of what was done. The subject
> line of these emails contains a case number that could be used as follow
> up by the receiving clerk at the law firm.
>
> We currently use qscanq to call clamav for the heavy lifting, but that
> approach doesn't offer a way to notify anyone of what happened to an
> infected email - at least not any way I know of.
>
> We'd like solutions that have per virtual domain granularity so other
> domains on the box don't have to do things the same way.
>
> Suggestions?

simscan might be able to do it. It has per domain support for clamav
and spamassassin. A virus causes clamav->simscan->qmail-smtpd to
tell the sender MTA to send a bounce message back to the sender with a virus
warning message. This is via the standard SMTP protocol.

simscan would need some "clean message" code to send through the de-infected
message. ripmime will rip the message; if there is an un-rip message program,
we could probably write the code.

We also might be able to cobble up some code to email a report to someone.

Ken Jones
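
The recipient notice asked for in the question, and the "email a report" idea in the reply, could be built as follows. This is an added example, not part of the original thread and not simscan or qscanq code; the domain names, the postmaster address, and the way a scanner would call `build_notice` are assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: virtual domains that opted in to notices (constructed names).
NOTIFY_DOMAINS = {"lawfirm.example"}

def clean_header(value, limit=200):
    """Flatten control characters so a hostile header cannot inject new lines."""
    text = "".join(c if c.isprintable() else " " for c in str(value or "(none)"))
    return " ".join(text.split())[:limit]

def build_notice(raw, rcpt, virus, postmaster="postmaster@mail.example"):
    """Build a notice for rcpt, or return None if its domain has not opted in."""
    if rcpt.rsplit("@", 1)[-1].lower() not in NOTIFY_DOMAINS:
        return None
    orig = message_from_bytes(raw, policy=policy.default)  # decodes RFC 2047 words
    sender, subject = clean_header(orig["From"]), clean_header(orig["Subject"])
    notice = EmailMessage()
    notice["From"] = postmaster
    notice["To"] = rcpt
    notice["Subject"] = "Infected message destroyed: " + subject
    # Headers only: the infected body and attachments are never copied.
    notice.set_content(
        "A message addressed to you was destroyed by the virus scanner.\n\n"
        f"Claimed sender: {sender}\n"
        f"Subject:        {subject}\n"
        f"Scanner result: {clean_header(virus)}\n\n"
        "The sender address of infected mail is often forged; use the\n"
        "subject line to follow up with the originator directly.\n"
    )
    return notice

# Constructed sample message (not from the original thread).
SAMPLE = (
    b"From: Court Clerk <clerk@court.example>\r\n"
    b"To: alice@lawfirm.example\r\n"
    b"Subject: =?utf-8?q?Case_2004-CV-0001_filing?=\r\n"
    b"\r\n"
    b"infected payload would be here\r\n"
)

if __name__ == "__main__":
    print(build_notice(SAMPLE, "alice@lawfirm.example", "Eicar-Test-Signature"))
```

The notice goes to the local recipient rather than to the claimed sender, so it carries the case number from the subject line without sending anything to an address that may be forged.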
