Firewall Wizards mailing list archives

Re: SMTP A/V Design


From: Randy Grimshaw <rgrimsha () mailbox syr edu>
Date: Thu, 18 Feb 1999 10:10:50 -0500 (EST)


Matt:
  Postfix is a newly released mailer / MTA which has much of your
architecture for scanning messages available as a side effect of its
modular design, and programs such as yours have been discussed in depth
on its lists. Start at www.postfix.org for more information.

<><Randall Grimshaw, Network Programmer, Syracuse University, 315-443-5779

On Tue, 16 Feb 1999, Matt McClung wrote:

I am looking at designing a new email anti-virus scanning architecture for
incoming mail.  However, I don't see a clean way to scan email, review it
for destination (bouncing etc) and then final delivery.  Allow me to be more
clear.

1.  Internet email for x company is first identified at the firewall.
2.  The firewall knows to pass SMTP traffic to an A/V scanning server, which
    it does.
3.  The A/V Server finds nothing and sends back the message information to
    the firewall.
4.  The firewall then allows the email to the mail relay server on its
    service network (MX).
5.  The mail relay server (running sendmail) scans the envelope and other
    information to determine if the email is for a domain it is accepting
    mail for...
6.  The mail relay host delivers mail to an internal SMTP server for final
    delivery to the email system.

Questions:  This almost seems like it's too complicated with the separate A/V
Server and mail relay host.  The delivery time is not the main concern, but
rather the complexity and the steps the message takes to finally get
delivered.

Anyone created such a beast?  Because of the software (A/V) you have only a
small choice of platforms, as well as the relay host.  Therefore, you almost
have to have something like this.

Of course, this assumes that your company policy is to scan the email before
it is allowed into the internal network (good idea).  Otherwise you could do
desktop scanning, or mail server scanning.

INFO:
The FW is FW-1 using CVP.  The A/V server is NT running an A/V application
to check SMTP and the mail relay host is a Sun Ultra running sendmail 8.9.x

Your thoughts on this are requested...

Matt McClung
Net.Works Security Engineer
mmcclung () ndwcorp com





