Firewall Wizards mailing list archives
RE: [FW1] Re: SMTP A/V Design
From: Rob Shein <Rshein () LANSOLUTIONS com>
Date: Thu, 18 Feb 1999 14:28:27 -0500
One thing that is helpful is that before mail hits the server from the internet, it's in one of only a few formats...you could build something that scans the data as it passes through. McAfee has a product like this which scans ftp, http, and smtp...that way, it exists independently of anything else, you merely have to put it between the router and the rest of the network..
-----Original Message----- From: Jay Tribick [mailto:netadmin () fastnet co uk] Sent: Thursday, February 18, 1999 4:11 AM To: Matt McClung Cc: fw-1-mailinglist () lists us checkpoint com; firewall-wizards () nfr net Subject: [FW1] Re: SMTP A/V DesignI am lokking at designing a new email anti-virus scanning architecture for incoming mail. However, I don't see a clean way to scan email, review it for destination (bouncing etc) and then final delivery. Allow me to be more clear. 1. Internet email for x company is first identified at the firewall. 2. The firewall knows to pass SMTP traffic to a A/V scanning server, which it does 3. The A/V Servers finds nothing and sends back the message information to the firewall 4. The firewall then allows the email to the mail relay server on it service network (MX) 5. The Mail relay server (running sendmail) scans the envelope and other information to determine if the email is for a domain it is accepting mail for... 6. The mail relay host delivers mail to an internal SMTP server for final deliver to the email system. Questions: This almost seems like its too complicated with the seperate A/V Server and mail relay host. The delivery time is not the main concern, but rather the complexity and the steps the messages takes to finally get delivered. Anyone created such a beast? Because of the software (A/V) you have only a small choice of platforms, as well as the relay host. Therefore, you almost have to have something like this. Of course, this assumes that your company policy is to scan the email before it is allowed into the internal network (good idea). Otherwise you could do desktop scanning, or mail server scanning.Why not just create your own local MDA - or did you want to scan outbound emails as well? -- Regards, Jay Tribick <netadmin () fastnet co uk> [| Network Admin | FastNet International | http://fast.net.uk/ |] [| Finger netadmin () fastnet co uk for contact info & PGP PubKey |] [| +44 (0)1273 T: 677633 F: 621631 e: netadmin () fast net uk |] ======================================================================== ======== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ======================================================================== ========
Current thread:
- RE: [FW1] Re: SMTP A/V Design Rob Shein (Feb 18)