Re: per user post-data rejects, Processing after the end of DATA
2010-08-13 02:28:05
Ray Bellis wrote:
An AV that's configured with different rules for different recipients.
Or one that's only configured for the customers that are paying for it.
That's certainly true, although uncommon in my own experience because
providers make operational choices to avoid it. As much as possible,
the ability to enable or disable a service is kept at the same (or
higher) granularity than the MX names. For example, all Google Apps
domains refer to a common set of MX names, but Gmail also enforces a
uniform anti-virus policy across the service. Highly configurable
services like Postini and Message Labs use different MX names for each
administrative domain, ensuring sending MTAs send a separate copy to each.
Where I ran into problems (a "disposition conflict") was when different
recipients in the same administrative domain (with the same MX name)
were able to set different policies. That might be because of
administrative delegations within a single customer, or because we gave
individual users some knobs they could tweak. Many folk's intuition
would be that anti-virus would not be a tweakable service; but you would
be wrong. Today's enterprise class anti-malware filters are almost as
hairy and indeterminate as spam filters, and that's because malware
writers have gotten so darn clever.
<csg>
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: per user post-data rejects, Processing after the end of DATA, (continued)
- Re: per user post-data rejects, Processing after the end of DATA, Douglas Otis
- Re: per user post-data rejects, Processing after the end of DATA, John R Levine
- Re: per user post-data rejects, Processing after the end of DATA, ned+ietf-smtp
- Re: per user post-data rejects, Processing after the end of DATA, Carl S. Gutekunst
- Re: per user post-data rejects, Processing after the end of DATA, John Levine
- Re: per user post-data rejects, Processing after the end of DATA, Carl S. Gutekunst
- Re: per user post-data rejects, Processing after the end of DATA, Ray Bellis
- Re: per user post-data rejects, Processing after the end of DATA,
Carl S. Gutekunst <=
- Re: per user post-data rejects, Processing after the end of DATA, Ray Bellis
- Re: per user post-data rejects, Processing after the end of DATA, Hector Santos
- Re: per user post-data rejects, Processing after the end of DATA, Carl S. Gutekunst
- Re: per user post-data rejects, Processing after the end of DATA, Hector Santos
- Re: per user post-data rejects, Processing after the end of DATA, Hector Santos
- Re: per user post-data rejects, Processing after the end of DATA, Hector Santos
- Re: Processing after the end of DATA, Arnt Gulbrandsen
- Re: Processing after the end of DATA, Robert A. Rosenberg
- Re: Processing after the end of DATA, J.D. Falk
Re: Processing after the end of DATA, John Levine
|
|
|