[Avcheck] postfix xclient
Geir Thomassen
gthomassen at network-electronics.com
Mon Nov 22 01:00:50 MSK 2004
Michael Tokarev wrote:
> Piotr KUCHARSKI wrote:
>> Any thoughts about using postfix XCLIENT extension? Would be nice. :)
>
>
> Alot of thoughts, really.... I posted a question here a while back
> about this very topic. XCLIENT means realtime SMTP-based content
> filter, so avcheck (or whatever) in this mode should run as a daemon,
> listen on some port and speak SMTP as client and server.
>
> Originally avcheck meant to be very small program to be called by
> pipe(8) delivery agent. Small because in this mode it is spawned
> for every mail message, so any startup costs should be minimized
> (thus eg perl-based stuff is a no-no). In daemon mode, startup
> costs are really irrelevant, and that same perl-based solution,
> in fork-for-each-email should perform just fine (even memory
> overhead will be minimal, because most large data -- executable
> image and parsed perl modules -- will be shared between all the
> processes).
>
> I have some perl-based (ok ok, if not perl in final solution, it
> is a quick way to do a prototype without much coding) code here,
> which works on our main server (other servers are still using
> avcheck). As a prototype it have some problematic cases, and
> I *want* to improve it.. some day...
>
> The more I think about all this, the more it becomes obvious that
> postfix should have general smtp-proxy implementation (maybe 3rd
> party but that's irrelevant now), and a simple socket-mode interface
> for various content filters (virusscanners, spam filters etc) --
> to accept a message over SMTP, save it in a temp file and tell
> a scanner to check the given file, sort of.
>
> The main problem still is a good resource/concurrency control
> (as a start: it is unacceptable to run more virusscanners when
> a system is overloaded as we're risking spending more time --
> for this connection and for other active connections -- than
> allowed by RFCs after the end-of-data, and, more important,
> than our SMTP clients will wait (some clients waits for several
> secounds only, instead of required 5 to 30 minutes - and some
> of them are rather significant and thus can't be ignored because
> of incompetence, like hotmail); and, at the same time, when
> we accepting new connection, we can't know how loaded the system
> will be when the client will send end-of-data marker, because
> at that time other virusscanner sessions may finish).
>
> But either way, this is something very-very different compared
> to current avcheck... ;)
Have you seen proxsmtpd ?
http://memberwebs.com/nielsen/software/proxsmtp/
I have not tried it yet, but looking at the source code, it seems
very well written. It does not support XCLIENT at the moment, but
I guess it could be extended.
CC: Nate
Best Regards
Geir
More information about the Avcheck
mailing list