
RE: Re[2]: Syntax question: smtp-policy.spam



> With the recent explosion of spam and virus traffic, I became
> concerned about content filtering.  But I am wondering if extra
> fork()/exec() for every message is practical...

Exactly. This opens the computer to a DoS attack - just send many letters and
you've got a fork-bomb. Even very good linuxes act slow above 50 forks()/sec.

> We currently process well over a million messages per day.
> Ideally, content filter might be built in smtpserver binary, with
> filtering rules dynamically reloadable the same way as current policy
> database.

I doubt it should be in the binary - it will grow big and maintenance will
become a real burden. The best way - I believe - is to create a separate
program, which listens on the socket for incoming letters, parses them, and
then answers (in an understandable way) what should be done to the letter. It
might also return a reprocessed letter (i.e. with viruses removed). Once the
interface is well documented, anyone can write his/her own content filter,
and zmailer just contacts it.

In this way the program gets separated from smtpserver, you do not have
forks, and you can develop the filter in any language (probably starting off
with perl, but ending up in pure C for sites requiring bigger efficiency).

Also, there is the question of where the filter should be installed - in the
smtp-server (better response to a still-connected SMTP client, but bigger
openness to DoS attack (smtpserver works on-line!)), or in the router (off-line,
but in case of problems no way to contact the SMTP client).

Cheers,
Marek.
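
The separate filter daemon proposed in the message above, sketched as an added example (not part of the original message and not ZMailer code): one long-lived process listens on a Unix socket with a fixed worker pool, a size cap and a read timeout, so mail volume cannot turn into a fork storm. The one-line ACCEPT/REJECT/TEMPFAIL reply, the socket path and the attachment rule are assumptions made for illustration.

```python
# Added example: hypothetical filter protocol, not ZMailer's own interface.
import socket
from concurrent.futures import ThreadPoolExecutor
from email import message_from_bytes

MAX_BYTES = 1 << 20                      # assumed cap on one letter
WORKERS = 8                              # fixed pool: load never adds processes
TIMEOUT = 10.0                           # seconds a client may stall between reads
BLOCKED_EXT = (".exe", ".scr", ".pif")   # constructed sample rule

def verdict(raw: bytes) -> str:
    """Parse one letter and return the line sent back to the MTA."""
    if len(raw) > MAX_BYTES:
        return "REJECT message too large"
    for part in message_from_bytes(raw).walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(BLOCKED_EXT):
            return f"REJECT attachment {name}"
    return "ACCEPT"

def handle(conn: socket.socket) -> None:
    """Read one letter until the client half-closes, answer, hang up."""
    with conn:
        conn.settimeout(TIMEOUT)
        buf = bytearray()
        try:
            while len(buf) <= MAX_BYTES:     # stop reading once over the cap
                chunk = conn.recv(65536)
                if not chunk:
                    break
                buf += chunk
            reply = verdict(bytes(buf))
        except OSError:                      # includes read timeouts
            reply = "TEMPFAIL filter timeout"
        conn.sendall(reply.encode() + b"\n")

def serve(path: str) -> None:
    """Accept loop: no fork()/exec() per letter; extra connections wait
    in the pool's queue until one of the WORKERS threads is free."""
    with socket.socket(socket.AF_UNIX) as srv, ThreadPoolExecutor(WORKERS) as pool:
        srv.bind(path)
        srv.listen(64)
        while True:
            conn, _ = srv.accept()
            pool.submit(handle, conn)

if __name__ == "__main__":
    serve("/tmp/contentfilter.sock")         # hypothetical socket path
```

On TEMPFAIL the calling MTA still has to choose between deferring and accepting the letter, which is the smtpserver-versus-router trade-off raised at the end of the message.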