On Thu, 17 Oct 2002 10:32, Brian May wrote:
> On Thu, Oct 17, 2002 at 10:25:52AM +0200, Russell Coker wrote:
> > Ideally we would be able to detect the virus as it comes in and give a
> > 5xx SMTP code.
>
> Yes, that would be the best solution.
>
> exim is the only MTA I know of where I have heard this is possible
> though.

The best solution would be to have a transparent proxy in front of the mail server that does this. The proxy could pass the data through until a SMTP "DATA" command is sent (so if the envelope sender or recipient addresses or the sending host name or RBL isn't right then the mail server can drop it). Then it would pause the data stream until it had received it all and scanned it (sending code 5xx for a virus and passing it on otherwise).

Is Linux transparent proxying up to this? Can you intercept a data stream while preserving both the source and destination addresses?

I've CC'd this to debian-isp for some more input.

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
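
The DATA-phase behaviour proposed in the message above, as an added example that is not part of the original e-mail: a socket-free state machine that relays the envelope untouched, buffers the body once the server has answered 354, and then either forwards the message or answers 5xx. The class name, the `scan` hook and the EICAR-marker check are assumptions made for illustration; address-preserving interception is not covered.

```python
"""Socket-free sketch of the proxy's DATA-phase logic (added example)."""

EICAR_MARK = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"  # harmless test marker

def scan(message: bytes) -> bool:
    """Hypothetical scanner hook (assumption): True means refuse the message."""
    return EICAR_MARK in message

class DataPhaseFilter:
    """Tracks one SMTP session; every line is CRLF-terminated bytes."""

    def __init__(self):
        self.state = "command"  # command -> await_354 -> data -> command | closed
        self.body = []

    def from_server(self, line: bytes) -> bytes:
        """Replies always reach the client; a 354 switches us to buffering."""
        if self.state == "await_354":
            self.state = "data" if line.startswith(b"354") else "command"
        return line

    def from_client(self, line: bytes):
        """Return (to_server, to_client, close_upstream) for one client line."""
        if self.state == "command":
            if line.strip().upper() == b"DATA":
                self.state = "await_354"  # the server still judges the envelope
            return line, b"", False
        if self.state != "data":
            return b"", b"", False        # closed, or sent ahead of the 354
        if line != b".\r\n":
            self.body.append(line)        # hold the body back until complete
            return b"", b"", False
        message, self.body = b"".join(self.body), []
        if scan(message):
            # The server never receives the terminator, so it discards the
            # partial message when the caller drops the upstream connection.
            self.state = "closed"
            return b"", b"554 5.7.1 Message refused: virus detected\r\n", True
        self.state = "command"
        return message + b".\r\n", b"", False
```

Body lines are relayed exactly as received, so dot-stuffed lines stay stuffed both for the scanner and for the server.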