Ilan Aisic wrote:
Just my 2 cents:I don't see the ALL_TRUSTED ever in action because at my MTA level (Exim 4.5), I don't direct mail that comes from my internal network through SA. Anyone sees a reason to do so? I do recommend directing all the internal email through an anti-virus (ClamAV in my case). I thought this was redundant but was burnt when someone inadvertently brought a virus on her laptop and once insideand behind the firewall, it started to send itself to everyone. Luckily, in addition to having Clam on the server, most people alsorun Norton or something else on their PCs. The chances of someone inadvertently bringing in ratware that works as a virus is a lot smaller.
I do exactly what you say.. Incoming Spam+Clam Outgoing ClamThe biggest reason I do this is because all users must auth to send mail internally, port 25 in/out is blocked except to/from the mail server. If someone gets a virus/ratware inside I use the clueX4 BOFH style :-D But seriously, I do this mostly to save processing. There is a lot of traffic outbound that is well over the 300KB cutoff of my scanner, so sending everything outbound through is a waste of time/cpu (as far as spam goes.) I do scan for viruses in/out just as a matter of course. We are a small org, so it's easy to see if a user is misbehaving. You will have to adjust for your org, and environment.
-- Thanks, JamesDR
smime.p7s
Description: S/MIME Cryptographic Signature
