[Top] [All Lists]

Re: per user post-data rejects, Processing after the end of DATA

2010-08-13 02:28:05

Ray Bellis wrote:
An AV that's configured with different rules for different recipients.

Or one that's only configured for the customers that are paying for it.

That's certainly true, although uncommon in my own experience because providers make operational choices to avoid it. As much as possible, the ability to enable or disable a service is kept at the same (or higher) granularity than the MX names. For example, all Google Apps domains refer to a common set of MX names, but Gmail also enforces a uniform anti-virus policy across the service. Highly configurable services like Postini and Message Labs use different MX names for each administrative domain, ensuring sending MTAs send a separate copy to each.

Where I ran into problems (a "disposition conflict") was when different recipients in the same administrative domain (with the same MX name) were able to set different policies. That might be because of administrative delegations within a single customer, or because we gave individual users some knobs they could tweak. Many folk's intuition would be that anti-virus would not be a tweakable service; but you would be wrong. Today's enterprise class anti-malware filters are almost as hairy and indeterminate as spam filters, and that's because malware writers have gotten so darn clever.


<Prev in Thread] Current Thread [Next in Thread>