[Avcheck] Scan only mails for some domains?

[Michael Tokarev]

Sander Steffann wrote:
> 
> Hi,
> 
> > Only one thing is left: is it possible to scan only mails for selected
> > recipients instead of all incoming mail? I guess it is possible,
> > postfix can sure do this... Any help/pointers appreciated.
> 
> It is possible. We do it like this:
> We have 2 IP addresses for our mailserver. We configured them like this in
> master.cf:
[]
> You can then let the MX point to the second IP address / hostname when you
> want to have it scanned.
> 
> Michael said it couldn't be done, so it's possible that this is a bad
> sollution. But it works great for us.

;)  A good point...  Yes, this way, it can be done too.  (and you
may use smtpd with empty content filter as a reinjection point).
What will not work (or *may* not work as it should be) in this scheme
is outgoing mail scanning -- from inside your network, users usually
able to configure their MUAs, and it is difficult to convince them
to use scanning or non-scanning injection point.  And most interesting
effect will be when the same inside user will post to two domains
at once, one that should be scanned and another that shouldn't.
Well, scanning mails that comes from inside of your network isn't
that necessary.

Both methods have advantages and disadvantages.

BTW, but why this may be necessary?  I'm curious... ;)
Something like having some customers who want (or paid for)
the service and some who not?  Or some customers who says
that any content inspection is evil?  (If the former, then
the solution I proposed may be more interesting - an
administrator will know if them will get some viruses (looking
into logs) and will be able to convince them to use the service...;)

Regards,
 Michael.