Yea, I mean, I can appreciate the extra effort it takes to separate domains and it SEEMS that it would be better for the Internet in general to scan all domains... but that's not a good way to promote revenue from your VISP's (in my case) and get them to help with the extra cost of the servers necessary to scan their domains. It's a good sales point for them to be able to say to their customers "...and we do virus scanning of every email..." bla bla bla. It helps them to sell their service, so they should have to help pay for the cost of doing that. Some VISP's (domains) will want to do that and will be willing to pay for it. Other's won't. If I scanned EVERYONE, there'd be no incentive to pay for it. That's why the per-domain scanning is SO important to me. It's a tool (along with per-domain anti-spam scanning) that helps me create incentive to cough up some extra cash, MRC, setup charges, etc! :)
I've begun looking into tcpserver's code. I hope I can figure it out. There's ZERO comments. Dan's so high end, he doesn't need them... tough luck for someone coming in behind him trying to figure stuff out. Plus his code is majorly optimized (good code!) so it's complex to figure out. Oh well, I'll give it the 'ole Avantac try I guess... :) Chris Bunnell Senior Engineer - Network Implementation Avantac Technologies, Inc. - Formerly Sonic Internet Services 9719 Lincoln Village Drive #503 Sacramento, CA. 95827 (916) 854-5940 www.avantac.com Powered by Sun. ----- Original Message ----- From: "Rick Macdougall" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, June 06, 2002 5:35 PM Subject: Re: [Qmail-scanner-general]Per domain config. > Hi, > > LOL, I just re-read what you said and I agree with you. Below is a > dis-agreement that I figured I'd post anyways since it's written to those MX > loving ideas. Some of the below applies to your idea as well. > > - new message - > > Great in theory, but not so great in implementation. > > My currect mail server servers 231 domains, some will want it, some won't. > Even if only 50% of the domains want it, that's 115 IP Address's I can't > justify to ARIN. Yesh, last I heard even SSL http servers weren't > justifiable. Makes it very hard to get more IP Address space from ARIN that > way. > > I have to ask why you would want qmail-scanner to ignore some domains > though? > > My current solution is to run qmail-scanner for ALL mail, but only for virus > scanning. I leave per domain spamassassin et al scanning up to > .qmail-default files (in my case) or .procmailrc files for those using > sendmail etc. This method allows me, what I think, great flexability. If a > domain suddenly wants spamassassin scanning etc, all I have to do is modify > one file. If we were to look at your method, we'd have to add an IP > address, modify DNS, wait for DNS mods to take effect (sometimes up to 2 > month's for Sympatico's DNS to notice, wtf is up with that?), modify the > tcp.smtp.cdb file, etc etc. Not worth it IMHO for larger sites. > > So far our current solution Works great, Less filling. > > Regards, > > Rick > > ----- Original Message ----- > From: "chris" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, June 06, 2002 8:02 PM > Subject: [Qmail-scanner-general]Per domain config. > > > Hello list, > > I've talked about this issue before here on this list and feel the setup can > be improved. Quoting from the Q-S FAQ: > > 1.. How do I make Qmail-Scanner only scan mail for some local domains?. 2 > words: "MX records" :-) Put two IP addresses on your mail server, change the > MX records for those domains you want scanned go to one IP address, and the > rest to the other. Then you simply have an instance of qmail-smtpd running > on each address - one with QMAILQUEUE defined and one without. This is > *majorly* better than coding Qmail-Scanner to ignore certain addresses - > this way Qmail-Scanner isn't called at all for the domains you don't want to > protect. > > I set this up, and while it works, it's a pain. Esp. with a cluster of 4-5 > mail servers... > > It seems to me the best place to do this per-domain scanning (not local > users vs. external users) would be in TCPSERVER... just like what was > recommended if you wanted to scan/not scan local's/outside mail. You wrote > a tcp.smtp file that had your internal (don't want to scan) IP's (such as > 10.x.x.x) and set QMAILQUEUE="" then another rule for all other IP's to scan > ":allow,QMAILQUEUE="/var/qmail/bin/qmailscanner-queue.pl" etc... > > Like I said, this works great for the difference between internal mail vs. > external... It does nothing for setting scan/no scan on a per-domain > basis... the on going consensus has been to use MX records to point to > different host IP's on the mail server, then run multiple instances of > qmail-smtpd (tcpserver on a per host basis) with a QMAILQUEUE set or > un-set... > > > > > _______________________________________________________________ > > Don't miss the 2002 Sprint PCS Application Developer's Conference > August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm > > _______________________________________________ > Qmail-scanner-general mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general > _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
