[TCLUG] Yet another new virus

Fri Sep 19 11:56:43 CDT 2003

On Fri, Sep 19, 2003 at 11:29:16AM -0500, Sam MacDonald wrote:
> My ISP is Visi and I have no problems with viruses thanks to Postini.
> I did find 1 sobig that made it to my Postini account <delete>. Maybe
> the cable companies need to implement Postini. It would save them time
> and a lot of money.

What a novel idea! ;-p  It looks like Visi purchased the postini.com ISP
product.  Purchase! Hah!  postfix + Amavisd-new + clamav + spamassassin
works very well for us at CBS, thank you very much. ;-)

Our setup currently looks like this:
1. SMTP Client connection to 25 (postfix)
  1.1 Postfix checks ACL lists (whitelist, blacklist, DNSbl, etc)
    1.1.1 Passes ACL, Accept for filtering
    1.1.2 Fails ACL.  Drop connection.
2. Filter message
  2.1 Send message to localhost:10024 (amavis)
  2.2 Amavisd-new receives message and performs virus checks (clamd)
    2.2.1 If Virus, quarantine and send out notices to recip
  2.3 Amavisd-new performs spam checks (spamassassin)
    2.2.2 If Spam, label and pass for delivery
  2.4 Amavisd-new delivers email
    2.4.1 Send message to localhost:10025 (postfix)
3. Deliver message
  3.1 Postfix accepts w/o ACL checks
  3.2 Deliver messages to appropriate recipients

Now, there's nothing special about having amavis, spamassassin, and clam
antivirus on the localhost.  We did have a separate machine running the
filtering, but that one crashed on us recently and is being rebuilt.

We could bypass the first step and send email directly to amavisd-new if
we were allowed to change our MX records for cbs.umn.edu, but that
presents some new and interesting problems itself.  For example, postfix
is not allowed to aggressively manage SMTP client connections to the
domain servers.  Amavisd-new doesn't have these sophisticated management
methods, nor should it, IMHO.

What I would really like to see with Postfix is a pluggable modules
architecture that would allow you to customize the filtering process of
email.  Imagine a mod_python or mod_perl for postfix.

Exim may be what I'm looking for, with its embedded perl interpretor.
I'm not sure you can beat Exim for flexibility and scriptability.

-- 
Chad Walstrom <chewie at wookimus.net>           http://www.wookimus.net/
           assert(expired(knowledge)); /* core dump */
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20030919/edcbe019/attachment.pgp