Firewall Wizards mailing list archives

Re: i-cap proposals


From: Carson Gaspar <carson () taltos org>
Date: Tue, 15 Feb 2005 02:08:59 -0500

--On Sunday, February 13, 2005 12:10 PM +0300 ArkanoiD <ark () eltex net> wrote:

> Yes, IMAP is a content inspection nightmare - it was really insane to
> design it the way each one of zillion ways to get an email sliced to
> little pieces and sucked down is mandatory to be implemented on server
> and, thus, on the proxy!

No, it makes perfect sense. And it's why IMAP4 is the only mail client protocol that behaves well on low bandwidth links (and can be safely taken offline and re-sync'd). POP3 is the insane mail protocol. But I admit that proxying and scanning the content is much easier with stupid protocols.

You really should be doing scanning on the server. If you don't control the server, why are you allowing people to access it? If you insist on doing in-line scanning between the server and client, one option is to keep state on which messages have already been scanned during this session (pay attention to UIDVALIDITY). If any part (or any body part - see below) of a message which hasn't been scanned is fetched, do a full fetch in the proxy and scan it. If you trigger a scan on a header fetch, the user experience will suck, since most IMAP clients fetch from, date, and subject headers for a large subset of messages to display the mailbox summary.

--
Carson
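
The per-session scan state described in the message above, as an added Python sketch (not code from the post or from any proxy product). It assumes the proxy has already mapped sequence numbers to UIDs and parsed out the FETCH data-item list; `ScanState`, `needs_body`, `full_fetch` and `scan` are hypothetical names, and the messages are constructed samples.

```python
import re

# One FETCH data item, e.g. UID or BODY.PEEK[HEADER.FIELDS (FROM DATE)]<0.512>
ITEM = re.compile(r"[^\s()\[\]]+(?:\[[^\]]*\](?:<[\d.]+>)?)?")
# Items that expose only metadata or top-level headers (mailbox summary traffic).
HEADER_ONLY = re.compile(
    r"ALL|FAST|FULL|FLAGS|UID|INTERNALDATE|ENVELOPE|BODYSTRUCTURE|BODY"
    r"|RFC822\.SIZE|RFC822\.HEADER"
    r"|BODY(\.PEEK)?\[HEADER(\.FIELDS(\.NOT)? \([^)]*\))?\](<[\d.]+>)?",
    re.I)

def needs_body(items):
    """True if any requested item can return body content."""
    return any(not HEADER_ONLY.fullmatch(i) for i in ITEM.findall(items))

class ScanState:
    """Per-session record of scanned UIDs, reset when UIDVALIDITY changes."""
    def __init__(self):
        self.validity = {}   # mailbox -> UIDVALIDITY from the last SELECT
        self.scanned = {}    # mailbox -> set of UIDs already scanned clean

    def select(self, mailbox, uidvalidity):
        if self.validity.get(mailbox) != uidvalidity:
            self.scanned[mailbox] = set()   # old UIDs may name other messages now
        self.validity[mailbox] = uidvalidity

    def handle_fetch(self, mailbox, uid, items, full_fetch, scan):
        if not needs_body(items):
            return "headers"                 # pass through, no scan triggered
        if uid in self.scanned[mailbox]:
            return "cached"                  # already scanned this session
        if scan(full_fetch(mailbox, uid)):   # proxy pulls the whole message once
            self.scanned[mailbox].add(uid)
            return "clean"
        return "block"

# Constructed sample data: two messages and a stand-in scanner.
MESSAGES = {7: b"Subject: hi\r\n\r\nhello",
            8: b"Subject: x\r\n\r\nCONSTRUCTED-BAD-MARKER"}
fetches = []                                 # UIDs the proxy fetched in full

def full_fetch(mailbox, uid):
    fetches.append(uid)
    return MESSAGES[uid]

def scan(message):
    return b"CONSTRUCTED-BAD-MARKER" not in message
```

Part-level items such as `BODY[1.MIME]` are deliberately treated as body fetches, so the classifier errs toward scanning.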
