> From: Daniel Senie <[EMAIL PROTECTED]>
>
> Products which wish to filter spam or viruses
> REALLY should be built to "plug in" to mail clients via APIs.

I disagree. The proper place to do spam and virus scanning is on the server. Sure, if you want users to feel some form of warm fuzzy, they should have the option to run it on the client (and once there, your method might be right). But the best place to put it is on the server. For one, it means that the client hasn't wasted bandwidth downloading what may be huge amounts of bad data.

And there are great products for doing it on the server. We use the open source MailScanner as the main scanning engine, which allows you to use a wide range of virus scanning engines (we use Sophos SAVI, but they have support for McAfee and others), doing RBL checks, filename attachment checks, and SpamAssassin. We use SpamAssassin and filename checks, but not RBL checks (too much latency to slow down mail delivery).

MailScanner will also let you choose what to do with messages after the various scanning engines have made decisions. For example, with viruses you have the option to a) remove the infected attachment and replace it with a warning, and you can choose to quarantine the attachment in case it might still be useful to the recipient, b) for each virus type, you can silently delete it (good for viruses like the Klez family, which forge their sender), c) attempt to remove just the infection from the attachment and deliver the non-infected portion of the attachment as normal.

For spam, you have options of "deliver" (with headers indicating why it was marked as spam), "delete", "bounce" (attempt to send it back to the claimed sender), "forward", "store" (quarantine), "striphtml" (can be used in conjunction with the other choices).

In both cases, you get headers that help you build mail sorting filters so that you can divert these messages to different folders than your inbox, and you also have the option to have the subject modified (such as adding "{Virus?}" or "{Spam?}" to the start of the subject).

I was so happy with it at work that I also use it at home on my home mail server.

Though, MailScanner isn't perfect. It uses two mail queues (you have one sendmail process (sendmail -bd -OQueueonly -OQueueDir=/var/spool/mqueue.in) deposit messages into /var/spool/mqueue.in, and then MailScanner processes the messages and puts them into /var/spool/mqueue, where a "sendmail -qXXm" process picks them up for delivery; this means you need to keep an eye on the size of mqueue.in if you've got a huge volume of mail traffic, in case it gets clogged ... we get ~120k messages per day, and our SMTP servers are 2 Sun Blade 150s ... we can basically handle 1.5 to twice our current overall load before things get out of control).

Other sites that I know of use the sendmail milters "MIMEDefang" or "Amavisd" to do virus scanning + SpamAssassin. They don't require a second mail queue, but they do slow down the initial SMTP process (a long pause after the client sends the message and before the server acknowledges/accepts it). But it does offer the advantage that instead of hoping to bounce a message to the address that claimed to send it, when you reject the message you simply put the burden upon the sending client. If they're the original sender, then the spam just backlogs on their machine.

Hm. That was much more than I started out to say. Anyways ... IMO, there's no real need for mail client APIs for virus/spam plug-ins. Do it on the server (and, if you're a user, insist that whoever maintains your server do it on their server).
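
The post's advice to keep an eye on the size of mqueue.in can be turned into a small backlog check. This is an added example, not part of the original message or of MailScanner; it assumes a flat sendmail queue directory with one `qf*` control file per message, and the thresholds and the constructed demo directory are illustrative.

```shell
#!/bin/sh
# Added example (not from the post): backlog check for the incoming queue.
# Assumes a flat queue directory with one qf* control file per message;
# the thresholds passed in are illustrative, not recommendations.

# count_queued DIR: number of queued messages in DIR
count_queued() {
    find "$1" -maxdepth 1 -type f -name 'qf*' 2>/dev/null | wc -l | tr -d ' '
}

# count_stale DIR MINUTES: messages waiting longer than MINUTES for the scanner
count_stale() {
    find "$1" -maxdepth 1 -type f -name 'qf*' -mmin +"$2" 2>/dev/null | wc -l | tr -d ' '
}

# queue_status DIR WARN CRIT STALE_MIN: prints one status line and
# returns 0 (OK), 1 (WARN), 2 (CRIT) or 3 (UNKNOWN, directory missing)
queue_status() {
    dir=$1 warn=$2 crit=$3 stale_min=$4
    if [ ! -d "$dir" ]; then
        echo "UNKNOWN dir=$dir missing"
        return 3
    fi
    total=$(count_queued "$dir")
    stale=$(count_stale "$dir" "$stale_min")
    if [ "$total" -ge "$crit" ]; then
        state=CRIT rc=2
    elif [ "$total" -ge "$warn" ] || [ "$stale" -gt 0 ]; then
        # Any message older than STALE_MIN suggests the scanner has stalled,
        # even when the queue is still small.
        state=WARN rc=1
    else
        state=OK rc=0
    fi
    echo "$state dir=$dir queued=$total stale=$stale"
    return "$rc"
}

# Constructed demo: a throwaway queue with two fresh messages and one stale one.
demo() {
    q=$(mktemp -d)
    touch "$q/qfDEMO1" "$q/dfDEMO1" "$q/qfDEMO2" "$q/dfDEMO2"
    touch -t 200001010000 "$q/qfDEMO3"
    queue_status "$q" 500 2000 30 || true
    rm -rf "$q"
}
demo
```

On a real server the call would be `queue_status /var/spool/mqueue.in WARN CRIT STALE_MIN` from cron or a monitoring agent, with the return code driving the alert.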