[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fw: VIRUS IN YOUR MAIL (W32/BugBear.A (Clam))

On Thu, Oct 17, 2002 at 11:41:20AM +0200, Emile van Bergen wrote a
few disorganized lines, saying:

> Qmail has such a smtp filter (rblsmtpd[2]) that checks MAIL FROM:
> domains against RBLs; it only runs the real server (qmail-smtpd[3]) if
> the domain is not listed.

Of course, it checks the peer IP address instead of the envelope
sender's domain. I wasn't fully awake yet.

The point that separation of the TCP server from the smtp server as done
by qmail gives you the ability to insert scanners and whatnot that
reject mail with a 5xx still stands though. 

Of course, you need to implement quite a bit of SMTP before getting at
the DATA phase, but it's potentially cleaner than doing it in a
transparent proxy, because you only have to deal with the pure data
stream through a set of open file descriptors, not with the IP side
of things.



E-Advies / Emile van Bergen   |   emile@e-advies.info
tel. +31 (0)70 3906153        |   http://www.e-advies.info

Attachment: pgpzQhs2Mdh3g.pgp
Description: PGP signature

Reply to: