>
> So why don't we change qmail-scanner to return
> a 5xx SMTP error code and a short message when a
> virus email is quarantined?
>
> That way, a legitimate sender will instantly
> know that there is a problem with his email,
> instead of believing that the email was delivered
> successfully. If the email does not really
> contain a virus (i.e. false positive) then he
> can contact the mail server's administrator
> and have the problem fixed.
>
I have already done this on my servers. I'll try and put together a
small patch here soon for it. I'm getting ready to send a different
patch to the list here in a few minutes..
I still like having notifications, so I actually do generate
notifications for admin, but after notifications are sent, I
error_condition() with a code of 33. For spam, I reject with a code of
32
if ($REJECT_VIRUS && $quarantine_event && $destring =~ m/^virus/) {
&error_condition("Virus detected, send SMTP error code...",33);
}
if ($REJECT_SPAM && $spam_event) {
&error_condition("Spam detected, send SMTP error code...",32);
}
In order to get error codes that mean something, instead of '451 qq temp
fail', you'll need to recompile qmail/netqmail.
My qmail.c patch file looks like this... As you can see, it adds
QMAILQUEUE support for qmail-scanner, and it adds some new exit code
options. 42-45 are temp fails if my eval timeouts that I wrap around
AV and spam scans do not finish in a reasonable amount of time, or if
SQL is down so it cant pull user_prefs for SA.
---START PATCH----------------------
--- qmail-1.03/qmail.c Mon Jun 15 05:53:16 1998
+++ qmail-1.03.dc/qmail.c Sun Apr 11 13:52:54 2004
@@ -6,8 +6,17 @@
#include "fd.h"
#include "qmail.h"
#include "auto_qmail.h"
+#include "env.h"
-static char *binqqargs[2] = { "bin/qmail-queue", 0 } ;
+static char *binqqargs[2] = { 0, 0 } ;
+
+static void setup_qqargs()
+{
+ if(!binqqargs[0])
+ binqqargs[0] = env_get("QMAILQUEUE");
+ if(!binqqargs[0])
+ binqqargs[0] = "bin/qmail-queue";
+}
int qmail_open(qq)
struct qmail *qq;
@@ -15,6 +24,8 @@
int pim[2];
int pie[2];
+ setup_qqargs();
+
if (pipe(pim) == -1) return -1;
if (pipe(pie) == -1) { close(pim[0]); close(pim[1]); return -1; }
@@ -97,6 +108,13 @@
case 115: /* compatibility */
case 11: return "Denvelope address too long for qq (#5.1.3)";
case 31: return "Dmail server permanently rejected message
(#5.3.0)";
+ case 32: return "Dmessage rejected due to spam content (#5.3.0)";
+ case 33: return "Dmessage rejected due to detected virus (#5.3.0)";
+ case 34: return "Dmessage rejected due to policy violation
(#5.3.0)";
+ case 42: return "Zqq timeout while running anti-virus scan
(#4.3.0)";
+ case 43: return "Zqq timeout while running anti-spam scan
(#4.3.0)";
+ case 44: return "Zqq spamd returned an error while processing
(#4.3.0)";
+ case 45: return "Zqq sql is currently unavailable (#4.3.0)";
case 51: return "Zqq out of memory (#4.3.0)";
case 52: return "Zqq timeout (#4.3.0)";
case 53: return "Zqq write error or disk full (#4.3.0)";
---END PATCH----------------------
Then, when you error_condition QS with a 33, qmail will give a '550
message rejected due to detected virus' (ie permanent failure).
Dallas
-------------------------------------------------------
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
