Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Jeff Waugh jdub@perkypants.org
Tue Feb 3 14:44:55 PST 2004


<quote who="Derek Vadala">

> > No, I'm arguing that doing this kind of stuff (talking to
> > MTA-independent anti-virus or anti-spam software) at SMTP time is
> > boofheaded. So the rest of your points are mostly irrelevant, or perhaps
> 
> Have you gone mad? Dealing with this stuff at SMTP time is precisely how
> you keep your shit working during a major outbreak, when you are managing
> high-volume (more than half a million messages per day) transports with
> AV/Spam checking and many thousand Windows users on the inside.

Yes, but doing it at SMTP time using MTA-only tools means avoiding massive
failure as well as reduced CPU/RAM/disk overhead from using the heavier AV
and SPAM tools.

Right now, one of the mail systems I administer is either rejecting or
discarding over 85% of mail going through it, which ends up being about 200
mails per minute. All via in-MTA tests during the SMTP conversation. Then
what's left is handed off to content filtering (spamassassin and clamav) for
policy-driven and more thorough (read: cpu, ram and disk-intensive) spam/AV
detection.

The important bit is that the safe checks are done and the mail is on disk
before we start talking to ("dangerous") third parties, and the lack of this
information at SMTP time doesn't really affect what we're going to do with
the mail anyway -> if it's spam, we're going to discard it. If it's a virus,
we're going to discard it. So given that there's no strong benefit to doing
it during the SMTP conversation... why bother with all of those breakage
points?

- Jeff

-- 
GVADEC 2004: Kristiansand, Norway                    http://2004.guadec.org/
 
  "A problem worthy of attack, proves its worth by fighting back." - Paul
                                   Erdos
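
The two-stage arrangement described in the message above, sketched as a Postfix configuration. This is an added example, not part of the original post and not the poster's actual setup; the particular restrictions, the DNSBL name `dnsbl.example.org`, the map file paths, ports 10024/10025 and a filter daemon wrapping spamassassin and clamav on localhost are all assumptions.

```conf
# ---- /etc/postfix/main.cf ----
# Stage 1: cheap checks inside the MTA, during the SMTP conversation.
# Nothing here talks to an external scanner, so a slow or crashed
# AV/spam daemon cannot stall or break inbound SMTP.
smtpd_helo_required = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_invalid_helo_hostname,
    reject_rbl_client dnsbl.example.org    # placeholder DNSBL (assumption)

# In-MTA pattern tests (regexp tables, evaluated by Postfix itself).
# Assumed paths; a typical mime_header_checks rule rejects executable
# attachment names, e.g.:
#   /name=[^>]*\.(pif|scr|bat|exe)/  REJECT
header_checks      = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks

# Stage 2: mail that survives stage 1 is already queued on disk; only
# then is it handed to the heavy content filter. If the filter is down,
# mail waits in the queue instead of being lost or bounced.
content_filter = scan:[127.0.0.1]:10024

# ---- /etc/postfix/master.cf ----
# Delivery agent that feeds queued mail to the filter (assumed to listen
# on 127.0.0.1:10024). maxproc=2 caps concurrent scans to bound CPU/RAM.
scan      unix  -       -       n       -       2       smtp
    -o smtp_send_xforward_command=yes

# Re-injection listener: the filter returns clean mail here. It must not
# be filtered again, and it accepts connections from localhost only.
127.0.0.1:10025 inet n  -       n       -       -       smtpd
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
```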


