
Re: can procmail help me?

2004-02-04 13:19:03
Richard Witt wrote:

<> [ ... ] The reason I need
<> help with procmail is because there is no local delivery at all. After
<> the scanning for viruses and spam happens all email is then forwarded
<> to our internal exchange servers.

In general, procmail is more of a "right answer (tm)" when there IS
local delivery ...

<> Right now the connection limit is staying full from people trying to
<> send the virus inbound, which takes up connections, and also bounces
<> being sent back to spoofed addresses at our domain. What I would like
<> to do is somehow drop all these emails if detected, hoping to make
<> sendmail process a bit quicker.

Procmail can only act on a message after the entire SMTP transaction
is complete and the message has been accepted and queued on the local
server.  This isn't going to do any good for reducing the load on the
smtp server.

On the gripping hand, the characteristics that make MyDoom recognisable
are in the body of the message anyway, so there isn't much you can do
ahead of the DATA part of the smtp transaction anyway :(  At best, you
can refuse the message before completing the transaction.

If you were trying to reduce the load on the internal servers, then
you could slot procmail into the flow without too many changes, but
your description indicates the problem is on the external server.  Is
the machine in fact bogging down?  Or have you just hit the thresholds
you set in sendmail.cf?  If the machine has untapped resources (cpu,
ram) then you might increase the number of simultaneous connections
sendmail allows -- you'll still be eating all the crap, it'll just
come in faster.

It sounds like you are already using sendmail milters to get your
incoming messages to the virus checker.  You might consider using one
of the regular expression milters (perhaps the PERL milter) to kill
these things off. 

(Discussion on implementing milters elided from this procmail list)

Reto
-- 
R A Lichtensteiger       rali(_at_)tifosi(_dot_)com

  "If I'd known they'd be putting them on on the sides of buses, I could
  probably have found a way to get by without the 'http://'."
  - T. Berners-Lee, ca. 1996

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
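
The reply above says a body-based check can at best refuse the message at the end of DATA, and that procmail only sees what has already been queued. The following toy SMTP receiver in Python illustrates that; it is an added example, not part of the original post and not sendmail or milter code. The name `smtp_receive`, the pattern `EXAMPLE-WORM-MARKER` and the sample sessions are constructed; lines are assumed already split on CRLF, and HELO/EHLO is omitted.

```python
import re

# Constructed placeholder rule; the post gives no signature for the worm.
BODY_RULE = re.compile(r"EXAMPLE-WORM-MARKER")

def smtp_receive(client_lines, body_rule=BODY_RULE):
    """Feed client lines to a toy SMTP receiver; return (replies, queue).
    The body rule can only answer once the lone "." ending DATA arrives."""
    replies, queue = [], []
    sender, rcpts, body, in_data = None, [], [], False
    for line in client_lines:
        cmd = line.upper()
        if in_data:
            if line != ".":
                # Dot-unstuffing: a leading "." on a body line is transparency padding.
                body.append(line[1:] if line.startswith(".") else line)
                continue
            in_data = False
            text = "\n".join(body)
            if body_rule.search(text):
                # Refused inside the transaction: nothing is queued, so a
                # post-queue tool such as procmail never sees it and this
                # host generates no bounce of its own.
                replies.append("554 5.7.1 message content rejected")
            else:
                queue.append({"from": sender, "to": rcpts, "body": text})
                replies.append("250 2.0.0 queued")
            sender, rcpts, body = None, [], []
        elif cmd.startswith("MAIL FROM:"):
            sender = line[10:].strip()
            replies.append("250 2.1.0 ok")
        elif cmd.startswith("RCPT TO:") and sender is not None:
            rcpts.append(line[8:].strip())
            replies.append("250 2.1.5 ok")
        elif cmd == "DATA" and rcpts:
            in_data = True
            replies.append("354 end data with <CR><LF>.<CR><LF>")
        else:
            out_of_order = cmd.startswith(("RCPT TO:", "DATA"))
            replies.append("503 5.5.1 bad sequence" if out_of_order else "500 5.5.2 unknown command")
    return replies, queue

# Constructed sessions: one with a forged sender and a matching body, one clean.
INFECTED = ["MAIL FROM:<forged@example.org>", "RCPT TO:<user@example.com>",
            "DATA", "Subject: hi", "", "EXAMPLE-WORM-MARKER", "."]
CLEAN = ["MAIL FROM:<alice@example.org>", "RCPT TO:<user@example.com>",
         "DATA", "Subject: hi", "", "lunch at noon?", "."]
```

In the infected session every body line is still read before the 554 is sent, which is why this keeps the queue and the internal servers clean but does not free up inbound connections any sooner.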
