So far, the patch will be pretty much the same, but with new versions. However, I'll be replacing the tarpit patch with the spam throttle patch, since the tarpit mechanism is easily (and often) circumvented. I'm contemplating adding the greylisting patch.. but will probably leave that as an optional add-on. Is anyone using the greylisting patch in production? Any thoughts on it? What about SPF?


I have a couple requests/recommendations. I brought this patch up a couple months ago on this list:

http://qmail.deliver3.com/qmail-smtpd-viruscan-1.3.patch

At the time I was told to get a real virus-scanner and I do run ClamAV through qscanq. I did get this patch to apply to toaster with some tweaking and I think it should be an option during toaster install because:

1) It provides protection against viruses that just broke where virus scanner maintainers have not yet had the chance to build a signature and distribute it. Unfortunately the virus scanner method relies on detecting a virus in the wild first, then building a signature and distributing it - meanwhile the virus has already been propagating. This patch offers an effective solution to this problem and therefore offers a very comprehensive anti-virus solution when used in combination with qscanq + a good scanner like ClamAV.

2) It provides protection against the DoS that can result from an onslaught of SMTP connections like we had with SoBig. The problem you see with big outbreaks is that it really hits your mail server hard - especially when you have to scan each email coming in and you have sustained 250 incoming connections - all of which are mostly the virus. With this patch, you can easily block these viruses before they ever hit the scanner and therefore greatly reduce server load during big outbreaks.

3) It is a small patch and therefore easy to maintain/integrate with toaster. It can be applied by default with an empty /var/qmail/control/signatures file so that it does not become effective until that file is populated with MIME signatures.

4) I have found it to be very effective - the only thing that really gets through it are the viruses that are zipped. I do not recommend using all of the signatures that are specified in the patch - more specifically, ditch the ZIP ones as they also block legitimate ZIP files.


I would also like to see some instructions on integrating SpamAssassin and qscanq - this would have been helpful when I hooked these two up a while back. If it helps, here is how I did it: I moved qmail-queue to qmail-queue.orig and made my own qmail-queue that is simply a shell script (lame - I know, but it works fine). In the script (5 lines), I simply check for RELAYCLIENT and pipe to spamd if RELAYCLIENT is not present. I did have to email the qscanq author about the fact that it did not preserve the qmail ENV (in other words, qscanq was blowing away RELAYCLIENT) - which he fixed within three days and posted 0.41 - talk about service! Anyways, my way may be a dumb way to do it, so if there is a better way (besides writing it in C instead of shell script), I would like to know and think it should be documented on the toaster docs so that everybody can know.


My two cents.

Mike
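
A wrapper of the kind described in the message above, as an added example (not the poster's script and not part of the toaster; chaining qscanq is not shown). It assumes the real binary was renamed to /var/qmail/bin/qmail-queue.orig and that SpamAssassin's spamc client for spamd is on PATH; the QQ_ORIG and SPAMC variables and the function name are hypothetical.

```shell
#!/bin/sh
# Added example: qmail-queue wrapper that filters only non-relay mail.
# Assumed paths/names (not from the original post): QQ_ORIG, SPAMC.
QQ_ORIG="${QQ_ORIG:-/var/qmail/bin/qmail-queue.orig}"
SPAMC="${SPAMC:-spamc}"

# qmail-queue reads the message on fd 0 and the envelope on fd 1.
# In the pipeline below only fd 0 of the real qmail-queue is replaced
# by the pipe; fd 1 is still the envelope descriptor inherited from
# qmail-smtpd, so the envelope passes through untouched.
filter_and_queue() {
    # RELAYCLIENT is usually set to an EMPTY string for relay clients,
    # so test for "set", not "non-empty". A wrapper that tests -n
    # "$RELAYCLIENT" would scan your own users' outbound mail.
    if [ -n "${RELAYCLIENT+set}" ]; then
        "$QQ_ORIG"
        return $?
    fi
    # The exit status of a pipeline is that of its last command, so
    # qmail-queue's own exit code reaches the caller (qmail-smtpd).
    # spamc, by default, passes the message through unchanged when it
    # cannot reach spamd, so a dead spamd does not lose mail.
    "$SPAMC" | "$QQ_ORIG"
}

# Run only when installed under the name qmail-queue.
case "${0##*/}" in
    qmail-queue)
        filter_and_queue
        exit $?
        ;;
esac
```

Any program placed in front of this wrapper has to keep the environment intact, which is the RELAYCLIENT problem the message describes with qscanq before 0.41.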



