Hello all, I'm working on restructuring an ISP's mail servers, and as part of it, we're setting up some load sharing measures. One of them is shifting clamav off of the actual mail servers, and running clamav-milter with the --server option to connect to a remote clamd. The problem we found was that the actual data processing doesn't happen on the original connection port (3310 in this case).
A little poking around showed that clamd is sending back a port number for the actual data exchange to happen on, and then shifting over to the new port. At least that's what it looks like from a quick read of scanner.c. So this breaks simple iptables rules, and I'm looking for something better. I'm assuming this is much like the model of ftp transfers, where it resumes the connection on a different port, and since somebody has managed to work out how to track ftp connections in iptables, I'm hoping there must be some firewall model for this as well. Anybody have any pointers?

-- 
--------------------------------------------------------------------------
| Stephen Gran                  | Why use Windows, since there is a door? |
| [EMAIL PROTECTED]             | (By [EMAIL PROTECTED], Andre Fachat)    |
| http://www.lobefin.net/~steve |                                         |
--------------------------------------------------------------------------
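The exchange described above, as an added example that is not part of the original post and not ClamAV's own code: a constructed stand-in for the legacy clamd STREAM command (client sends "STREAM" on the control port, clamd replies "PORT <n>", the file goes to port n, the verdict comes back on the control connection) plus the client side that clamav-milter would drive. The data-port range (40000-40050) and the detection marker are constructed placeholders; on a real clamd the range is whatever StreamMinPort/StreamMaxPort in clamd.conf allow, and that range is what the firewall between milter host and clamd host has to open. The client refuses to follow a PORT reply outside the range it expects, which is the check you want when a firewall rule is supposed to be the only thing on that path.

```python
import socket
import threading

# Constructed stand-in for the legacy clamd STREAM exchange described in the
# post (this is NOT clamd's code): the milter sends "STREAM" on the control
# connection (3310), clamd answers "PORT <n>", the file is pushed to port n,
# and the verdict comes back on the control connection.  The data-port range
# and the detection marker below are constructed placeholders.
DATA_PORTS = (40000, 40050)          # stand-in for clamd's StreamMinPort/StreamMaxPort
MARKER = b"CONSTRUCTED-TEST-MARKER"  # not a real signature; just triggers a FOUND verdict


def _listen_in_range(lo, hi):
    """Bind a fresh listener to the first free port in [lo, hi], as a range-limited clamd would."""
    for port in range(lo, hi + 1):
        ls = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        ls.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            ls.bind(("127.0.0.1", port))
            ls.listen(1)
            return ls, port
        except OSError:
            ls.close()
    raise RuntimeError(f"no free data port in {lo}-{hi}")


def _handle_control(ctrl, data_ports):
    """Serve one control connection: STREAM -> PORT n -> read bytes on n -> verdict."""
    with ctrl, ctrl.makefile("rb") as rd:
        if rd.readline().strip() != b"STREAM":
            ctrl.sendall(b"UNKNOWN COMMAND\n")
            return
        data_ls, port = _listen_in_range(*data_ports)
        data_ls.settimeout(5)          # don't leak the listener if the client never follows PORT
        ctrl.sendall(b"PORT %d\n" % port)
        try:
            data, _ = data_ls.accept()
        except socket.timeout:
            return
        finally:
            data_ls.close()
        with data:
            chunks = []
            while True:                # read until the client half-closes (EOF = end of file)
                buf = data.recv(65536)
                if not buf:
                    break
                chunks.append(buf)
        found = MARKER in b"".join(chunks)
        ctrl.sendall(b"stream: Constructed.Test.Marker FOUND\n" if found else b"stream: OK\n")


def start_mock_clamd(data_ports=DATA_PORTS):
    """Start the mock clamd on an ephemeral control port; returns that port."""
    ctrl_ls = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    ctrl_ls.bind(("127.0.0.1", 0))
    ctrl_ls.listen(5)

    def accept_loop():
        while True:
            conn, _ = ctrl_ls.accept()
            threading.Thread(target=_handle_control, args=(conn, data_ports), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return ctrl_ls.getsockname()[1]


def parse_port_reply(line):
    """Parse clamd's 'PORT <n>' reply; reject anything that is not a valid TCP port."""
    parts = line.strip().split()
    if len(parts) != 2 or parts[0] != b"PORT" or not parts[1].isdigit():
        raise ValueError(f"unexpected reply from clamd: {line!r}")
    port = int(parts[1])
    if not 1 <= port <= 65535:
        raise ValueError(f"clamd announced an invalid port: {port}")
    return port


def stream_scan(host, control_port, payload, allowed=DATA_PORTS):
    """Client side of the exchange (what clamav-milter --server does).  Refuses to
    follow a PORT outside `allowed`, i.e. outside the range the firewall opens."""
    with socket.create_connection((host, control_port), timeout=10) as ctrl, ctrl.makefile("rb") as rd:
        ctrl.sendall(b"STREAM\n")
        port = parse_port_reply(rd.readline())
        if not allowed[0] <= port <= allowed[1]:
            raise RuntimeError(f"clamd redirected to port {port}, outside firewalled range {allowed}")
        with socket.create_connection((host, port), timeout=10) as data:
            data.sendall(payload)
            data.shutdown(socket.SHUT_WR)   # EOF tells clamd the file is complete
        return rd.readline().decode().strip()


if __name__ == "__main__":
    port = start_mock_clamd()
    print(stream_scan("127.0.0.1", port, b"plain message body"))
    print(stream_scan("127.0.0.1", port, b"body with " + MARKER))
```

Because the data connection is a second, client-initiated TCP session to a port clamd chooses, a stateful rule on the clamd host only has to admit the control port plus the configured StreamMinPort-StreamMaxPort range from the milter host; there is no FTP-style helper module to track the PORT reply, so pinning the range in clamd.conf is what makes the rule set finite. Later ClamAV releases added an INSTREAM command that carries the file over the control connection itself, which removes the second port entirely.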