On Wednesday 22 September 2004 02:14 pm, Bill Gradwohl wrote:
> Two issues:
> 1) Using qmail & vpopmail, what methods are available to log all inbound
> and outbound email PER VIRTUAL DOMAIN?
> 2) We also need a way to notify the recipient of an email that contained
> a virus that the infected email was destroyed, and that it came from
> [EMAIL PROTECTED] with a subject line of whatever it was.
> We have a law firm that wants to record all their communications in both
> directions. We are capturing inbound emails by appending
> &[EMAIL PROTECTED] to the end of everyones .qmail file.
> What's missing is a way to capture the outbound emails.
> Texas courts are currently in the process of requiring attorneys to use
> email to file and update their cases. They are using email as though it
> was a guaranteed delivery mechanism even though we all know it isn't.
> This pilot project is expected to go nationwide soon.
> When the courts send out an email containing a virus (they use Windows
> boxes), the normal thing for a receiving MTA's virus checker to do is
> silently throw that email away and not notify anyone. In this case
> however, that email has legal ramifications so that either we have to
> let the infected email pass thru the server, extract only the infected
> portion of the email leaving the rest intact (no idea how to do that),
> or throw it away but notify the recipient of what was done. The subject
> line of these emails contains a case number that could be used as follow
> up by the receiving clerk at the law firm.
> We currently use qscanq to call clamav for the heavy lifting, but that
> approach doesn't offer a way to notify anyone of what happened to an
> infected email - at least not any way I know of.
> We'd like solutions that have per virtual domain granularity so other
> domains on the box don't have to do things the same way.
> Suggestions?

simscan might be able to do it. It has per domain support for clamav
and spamassassin. A virus causes clamav->simscan->qmail-smtpd to
tell the sender MTA to send a bounce message back to the sender with a virus 
warning message. This is via the standard smtp protocol.

simscan would need some "clean message" code to send through the de-infected
message. ripmime will rip the message, if there is an un-rip message program 
we could problaby write the code.

We also might be able to cobble up some code to email a report to someone.

Ken Jones
Ken Jones

Reply via email to