On Tue, Sep 30, 2003 at 06:34:19PM +0100, jzaw wrote:
> On Tuesday, Sep 30, 2003, at 17:25 Europe/London, Nico Erfurth wrote:
> >>exiscan-acl surely reduces your traffic ... you don't actually get the
> >>body of the email transferred
>> Hu?
>> exiscan-acl works AFTER the mail is received, and BEFORE a response
>> for DATA is send, so it doesn't reduce your traffic at all.
>> exiscan is made to scan the body of the mail .....
> thanks for correcting my understanding of that
> so, for my clarity, when my mail server issues a
>> acl_check_data:
>> deny message = This message contains a nasty evil file extension \
>> ($found_extension)
>> demime = vbe:vbs:vbx:wsf:wsh:exe:com:cmd:shs:hta:bat:scr:lnk:pif
> the exe has _already_ been transferred over to the server here? but is
> then discarded and the 550 response sent?
Yes. The only way to check whether a mesage contains an exe attachment
is to look at it and you cannot do that if you haven't got the message.
And even if you scanned the message while you were receiving it you
could not immediately deny the message once you know that it contains
an exe-attachment. - SMTP does not offer a command to interrupt the
sending party and if you simply dropped the connection the sending
side will requeue the mail and try later.
cu andreas
