Re: [Exim] Virus Scanning with mailhubs

Top Page
Delete this message
Reply to this message
Author: Bob Franklin
Date:  
To: Mike Richardson
CC: exim-users
Subject: Re: [Exim] Virus Scanning with mailhubs
On Mon, 12 Nov 2001, Mike Richardson wrote:

>    ^
>    |
> =======         =========
> | Hub |<=====| Virus |
> |     |      | Scan  |
> |     |=====>|       |
> =======      =========
>    ^
>    |

>
> Am I asking the impossible here? If not then what sort of config do I
> need for the Hub and Virus Scan machine?
>
> I'm guessing that I could specify the Virus Scan machine as the
> remote_smtp destination, and the Hub as the remote_smtp's destination
> but to prevent loops I'd have to add a 'scanned-ok' header to the mail
> by the Virus Scanner and check for it on the Hub.


I did some experiments with this, because it was how I'm planning to
introduce the same thing here. My 'solution' was to do set up a router,
specified, before the one which delivers mail on from the hub to its
destination, with something like:

  unscanned_mail:
    driver = domainlist
    transport = remote_smtp
    route_list = "* mailscanhost.mycorp.com byname"
    condition = ! ${eq {$sender_host_address}{192.168.1.1.}}


Where 'mailscanhost' is your mail scanning host and '192.168.1.1' is its
IP address. [Obviously more complex arrangements could be contrived.] I
might have this a little wrong as the machine with the test configuration
went down with a disk fault today. I won't mention the vendor. ;)

The idea is that the router is only matched if the host from which the
mail was received does not have the IP address of the scanning host, so is
'unclean'. This assumes you can make sure this doesn't generate loops and
things, as the only way to detect a clean message is if it came directly
from the scanning host.

I'd appreciate anyone pointing out the folly of my ways before I go any
further with this. :)

- Bob


-- 
 Bob Franklin <r.c.franklin@???>          +44 (0)118 987 6630
 Systems and Communications, IT Services, The University of Reading, UK