[Avcheck] inclusion / exclusion of envelope recipients

Michael Tokarev mjt@tls.msk.ru
Wed, 09 Jan 2002 13:58:59 +0300


adi wrote:
> 
> On Wed, Jan 09, 2002 at 04:49:24PM +0800, Luke Dudney wrote:
> > I am wondering if there is an easy way to give avcheck a list of recipient
> > email addresses to scan and to simply pass all other addresses without
> > scanning.
> 
> IMHO, this should be better done on the postfix side, as there is the
> possibility of one mail having multiple recipients which have to be
> scanned or not scanned. Of course one could limit the
> $transport_destination_recipient_limit if the solution has to be on
> avcheck side.

I thought about this long before.  There is a possibility for this
on the avcheck side too.  Having a list of recipients and a map that
lists all addresses that should be scanned, it is possible to
derive two lists -- one that should be scanned and one that shouldn't.
Then scan the message if the first list is non-empty, and:

 a) call infected handler and send mails to other addresses
 b) send clean mail to all addresses

This scheme is fragile: it is hard to suppress duplicates in case
of errors.  Unfortunately, there is no way to tell postfix (or any
other mta) that this address is done *from the delivery agent*.  If
there were such an ability, other interesting things would be possible
(for example, I want to deliver the same message to a bunch of
different uucp nodes, and it is good to *link* the message in the uucp
queue instead of *copying* it to every node.  The ideal way would be
to store the message first, then for every recipient, make a uucp job
and mark that rcpt as done, stopping if uucp fails.  A sort of "reverse-smtp",
message body first, then list of recipients).

> If it is ok to use two postfix instances, you could set virtual_maps
> for the 'first' instance of postfix, using sendmail style virtual
> domain strategy, for example:
> 
> adi@domain.com  adi@viruscan.domain.com
> ida@domain.com  ida@viruscan.domain.com
> 
> others who don't get listed in this virtual_maps, wouldn't be
> scanned.
> 
> Then make second postfix instance to handle viruscan.domain.com,
> using content_filter or content_inspector plus avcheck (of course ;-)

With second instance, things will obviously work, as Ralf and you
pointed out.  BTW, there is no need for content_inspector.  Continuing
this example, on first postfix add:

 transport:
  viruscan.domain.com  avcheck

 master.cf:
  avcheck ... pipe argv=avcheck -S second_instance:smtp ...

i.e. avcheck will contact second instance directly.

But having two postfixes isn't very interesting IMHO.  Well,
for big mailservers, it is useful to have dedicated virusscanning
machine and do mapping like:

inbound:
 virtual:
   user1@example.com  user1@virusscan.example.com
   user2@example.com  user2@mailboxes.example.com
 transport:
   mailboxes.example.com  local:
virusscan:
 virtual:
  @example.com  @mailboxes.example.com
 transport:
  mailboxes.example.com  avcheck:
 master.cf:
  avcheck ... -S mailboxes.example.com:smtp

Here we have at least 2 machines, `inbound' that acts as mail receiver
and mailbox storage, and `virusscan' that only checks mails for viruses
and forwards it to mailboxes.  Inbound can differ from `mailboxes',
obviously, and there may be several inbounds and mailbox machines.

BTW, it may be interesting to teach avcheck to listen on e.g. smtp
port, so that there will be no need for any MTA on `virusscan' machine --
all queues are already here at other machines.

But that's for really large installations (Len?).  I want to see a solution
for one machine and one postfix instance.

Regards,
 Michael.
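
Added example, not part of the original message and not avcheck code: a Python model of the single-instance scheme described above (two recipient lists, cases a and b) and of why a failed re-injection produces duplicates. The function names, the scan-map format (full addresses or "@domain" keys) and the use of OSError as a temporary failure are assumptions.

```python
def partition(recipients, scan_map):
    """Split envelope recipients into (to_scan, to_pass).

    scan_map holds lower-cased full addresses or "@domain" keys
    (assumed format, not an avcheck option).
    """
    to_scan, to_pass = [], []
    for rcpt in recipients:
        addr = rcpt.lower()
        domain = "@" + addr.rpartition("@")[2]
        hit = addr in scan_map or domain in scan_map
        (to_scan if hit else to_pass).append(rcpt)
    return to_scan, to_pass


def plan(recipients, scan_map, is_infected):
    """Decide who gets the mail; is_infected() stands in for the scanner
    and is only called when the scan list is non-empty."""
    to_scan, to_pass = partition(recipients, scan_map)
    if not to_scan:
        return {"deliver": list(recipients), "infected_handler": [], "scanned": False}
    if is_infected():
        # case a): infected handler for the scanned list, mail to the others
        return {"deliver": to_pass, "infected_handler": to_scan, "scanned": True}
    # case b): clean mail goes to all addresses
    return {"deliver": list(recipients), "infected_handler": [], "scanned": True}


def run_with_retry(recipients, scan_map, is_infected, send, attempts=2):
    """Model the fragility: the agent cannot mark one recipient as done,
    so a temporary failure makes the MTA retry the whole recipient list."""
    counts = {}
    for _ in range(attempts):
        try:
            for rcpt in plan(recipients, scan_map, is_infected)["deliver"]:
                send(rcpt)  # re-inject for one recipient; may raise OSError
                counts[rcpt] = counts.get(rcpt, 0) + 1
            return counts
        except OSError:
            continue  # whole message deferred, retried from the start
    return counts


if __name__ == "__main__":
    # Constructed sample: only user1 is listed for scanning.
    rcpts = ["user2@example.com", "user1@example.com"]
    print(plan(rcpts, {"user1@example.com"}, lambda: True))
```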