From: Andrew Wood (no email)
Date: Mon Aug 08 2005 - 11:16:12 EDT

On Mon, Aug 08, 2005 at 10:53:18AM -0400, Covington, Chris wrote:
> Why don't you just use a content-filter & discard / quarantine the
> virus-laden emails?

I already discard viruses via a procmail recipe at the point of delivery.
You're right, this is a good approach, because there are generally no false
positives so discarding is safe.

However, this doesn't filter mail *sent* through my server, so viruses could
be sent from a customer's machine to random places elsewhere on the Internet
via my mail server.

Also, I want to run other checks than virus scans; in particular I want to
scan the message content for URLs and then check the IP address those URLs
map to against the Spamhaus SBL+XBL blacklist. This has potential for false
positives, so I want to be able to let the sender know if their message gets
blocked.

Since I want to inform any legitimate senders, but the sender address will
be forged for pretty much all spam that gets caught, the best solution I can
think of is to check before the message is queued so that the sending mail
server is immediately informed of the rejection with a 554 response to the
end of the DATA command. That way, my mail server isn't generating bounce
messages to possibly forged senders.

The Spamhaus URL check does catch a lot of email (even after the SPF and
sending-mail-server blacklist checks), so I don't want to quarantine such
messages, because maintenance of the quarantine queue would be tedious;
also, false positives so far have been very rare, so it seems most efficient
to let the sender deal with it if their message is bounced (generally they
just have to remove the offending URL from their email, or take out the
<img> tag in their signature that points to the hilarious smiley face served
by a spyware site, or whatever).

Again, I want this check to be run for mail sent via my server as well, so
any customers infected with trojans or viruses can't accidentally send spam
through my server, or at least not as easily.

- Andrew
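
An added example, not part of the message above and not code from its author: one way to implement the pre-queue check it describes, returning the SMTP reply to give at the end of DATA. The function names, the zone name, the 127.0.0.x listing convention, and the sample message and DNS answers are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
import socket
from email import policy

ZONE = "sbl-xbl.spamhaus.org"  # assumed zone name; the message only names the list
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

def system_resolve(name):
    """IPv4 addresses for a name, [] if none; a failed lookup fails open."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except (socket.gaierror, UnicodeError):
        return []

def url_hosts(raw):
    """Hostnames of URLs in every text part, after MIME transfer decoding."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    text = " ".join(p.get_content() for p in msg.walk() if p.get_content_maintype() == "text")
    return sorted({h.lower().strip(".") for h in URL_HOST.findall(text)} - {""})

def dnsbl_name(ip, zone=ZONE):
    return ".".join(reversed(ip.split("."))) + "." + zone  # 192.0.2.10 -> 10.2.0.192.<zone>

def end_of_data_reply(raw, resolve=system_resolve, zone=ZONE):
    """SMTP reply to give after the final '.' of DATA, before queueing."""
    for host in url_hosts(raw):
        try:
            ips = [str(ipaddress.IPv4Address(host))]  # URL used an IP literal
        except ValueError:
            ips = resolve(host)
        for ip in ips:
            # Assumption: a listing answers with an address in 127.0.0.0/24.
            if any(a.startswith("127.0.0.") for a in resolve(dnsbl_name(ip, zone))):
                return f"554 5.7.1 Rejected: URL host {host} ({ip}) is listed in {zone}"
    return "250 2.0.0 Ok"

# Constructed sample: HTML body, quoted-printable, URL split by a soft line break.
SAMPLE = (b"From: a@customer.example\r\nTo: b@elsewhere.example\r\nSubject: hi\r\n"
          b"MIME-Version: 1.0\r\nContent-Type: text/html; charset=utf-8\r\n"
          b"Content-Transfer-Encoding: quoted-printable\r\n\r\n"
          b"<p>See you Friday</p><img src=3D\"http://smiley.exa=\r\nmple/face.gif\">\r\n")
# Constructed DNS answers standing in for real lookups.
FAKE_DNS = {"smiley.example": ["192.0.2.10"], dnsbl_name("192.0.2.10"): ["127.0.0.2"]}

if __name__ == "__main__":
    print(end_of_data_reply(SAMPLE, resolve=lambda n: FAKE_DNS.get(n, [])))
```

The reply text names the offending host so a legitimate sender can remove it and resend, and because the URL is extracted after MIME decoding, an encoded `<img>` tag in a signature is checked the same way as a plain-text link.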