One solution would be: 1) Set up 2 qmails - with one having smtp running on the standard port 25 and the other whatever port you want say 26 2) The one running on port 25 takes care of RBL and stuff like that but does NO scanning. 3) In your /var/qmail/control/smtproutes add the domains you wish to be passed onto the 2nd instance of qmail for scanning. Example, domain1.com:127.0.0.1:26 domain2.com:127.0.0.1:26 4) The one running on 26 does the scanning.
The only drawback from this is that if your clients use your smtp and send out e-mails that are not locally hosted, they do not get scanned since the qmail instance running at port 25 is used. I don't think there is a work around for this set up. Now if someone can help me get the daemonized version of f-prot to work with QS, I would appreciate it. Regards, Lu > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On > Behalf Of chris > Sent: Thursday, June 06, 2002 5:48 PM > To: Rick Macdougall; [EMAIL PROTECTED] > Subject: Re: [Qmail-scanner-general]Per domain config. > > > Yea, I mean, I can appreciate the extra effort it takes to > separate domains and it SEEMS that it would be better for the > Internet in general to scan all domains... but that's not a > good way to promote revenue from your VISP's (in my case) and > get them to help with the extra cost of the servers necessary > to scan their domains. It's a good sales point for them to > be able to say to their customers "...and we do virus > scanning of every email..." bla bla bla. It helps them to > sell their service, so they should have to help pay for the > cost of doing that. Some VISP's (domains) will want to do > that and will be willing to pay for it. Other's won't. If I > scanned EVERYONE, there'd be no incentive to pay for it. > That's why the per-domain scanning is SO important to me. > It's a tool (along with per-domain anti-spam > scanning) that helps me create incentive to cough up some > extra cash, MRC, setup charges, etc! :) > > I've begun looking into tcpserver's code. I hope I can > figure it out. There's ZERO comments. Dan's so high end, he > doesn't need them... tough luck for someone coming in behind > him trying to figure stuff out. Plus his code is majorly > optimized (good code!) so it's complex to figure out. > > Oh well, I'll give it the 'ole Avantac try I guess... > > :) > > Chris Bunnell > Senior Engineer - Network Implementation > Avantac Technologies, Inc. - Formerly Sonic Internet Services > 9719 Lincoln Village Drive #503 Sacramento, CA. 95827 > (916) 854-5940 > www.avantac.com > Powered by Sun. > > ----- Original Message ----- > From: "Rick Macdougall" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, June 06, 2002 5:35 PM > Subject: Re: [Qmail-scanner-general]Per domain config. > > > > Hi, > > > > LOL, I just re-read what you said and I agree with you. Below is a > > dis-agreement that I figured I'd post anyways since it's written to > > those > MX > > loving ideas. Some of the below applies to your idea as well. > > > > - new message - > > > > Great in theory, but not so great in implementation. > > > > My currect mail server servers 231 domains, some will want it, some > > won't. Even if only 50% of the domains want it, that's 115 IP > > Address's I can't justify to ARIN. Yesh, last I heard even > SSL http > > servers weren't justifiable. Makes it very hard to get more IP > > Address space from ARIN > that > > way. > > > > I have to ask why you would want qmail-scanner to ignore > some domains > > though? > > > > My current solution is to run qmail-scanner for ALL mail, > but only for > virus > > scanning. I leave per domain spamassassin et al scanning up to > > .qmail-default files (in my case) or .procmailrc files for > those using > > sendmail etc. This method allows me, what I think, great > flexability. > > If > a > > domain suddenly wants spamassassin scanning etc, all I have to do is > modify > > one file. If we were to look at your method, we'd have to > add an IP > > address, modify DNS, wait for DNS mods to take effect > (sometimes up to > > 2 month's for Sympatico's DNS to notice, wtf is up with > that?), modify > > the tcp.smtp.cdb file, etc etc. Not worth it IMHO for larger sites. > > > > So far our current solution Works great, Less filling. > > > > Regards, > > > > Rick > > > > ----- Original Message ----- > > From: "chris" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Thursday, June 06, 2002 8:02 PM > > Subject: [Qmail-scanner-general]Per domain config. > > > > > > Hello list, > > > > I've talked about this issue before here on this list and feel the > > setup > can > > be improved. Quoting from the Q-S FAQ: > > > > 1.. How do I make Qmail-Scanner only scan mail for some local > > domains?. > 2 > > words: "MX records" :-) Put two IP addresses on your mail server, > > change > the > > MX records for those domains you want scanned go to one IP address, > > and > the > > rest to the other. Then you simply have an instance of qmail-smtpd > > running on each address - one with QMAILQUEUE defined and > one without. > > This is > > *majorly* better than coding Qmail-Scanner to ignore > certain addresses - > > this way Qmail-Scanner isn't called at all for the domains > you don't want > to > > protect. > > > > I set this up, and while it works, it's a pain. Esp. with > a cluster > > of > 4-5 > > mail servers... > > > > It seems to me the best place to do this per-domain scanning (not > > local users vs. external users) would be in TCPSERVER... just like > > what was recommended if you wanted to scan/not scan local's/outside > > mail. You > wrote > > a tcp.smtp file that had your internal (don't want to scan) > IP's (such > > as > > 10.x.x.x) and set QMAILQUEUE="" then another rule for all > other IP's to > scan > > ":allow,QMAILQUEUE="/var/qmail/bin/qmailscanner-queue.pl" etc... > > > > Like I said, this works great for the difference between > internal mail vs. > > external... It does nothing for setting scan/no scan on a > per-domain > > basis... the on going consensus has been to use MX records > to point > > to different host IP's on the mail server, then run > multiple instances > > of qmail-smtpd (tcpserver on a per host basis) with a > QMAILQUEUE set > > or un-set... > > > > > > > > > > _______________________________________________________________ > > > > Don't miss the 2002 Sprint PCS Application Developer's Conference > > August 25-28 in Las Vegas -- > http://devcon.sprintpcs.com/adp/index.cfm > > > > > _______________________________________________ > > Qmail-scanner-general mailing list > > [EMAIL PROTECTED] > > https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general > > > > > _______________________________________________________________ > > Don't miss the 2002 Sprint PCS Application Developer's > Conference August 25-28 in Las Vegas -- > http://devcon.sprintpcs.com/adp/index.cfm > > > _______________________________________________ > Qmail-scanner-general mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general > _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
