RE: [FW1] Re: SMTP A/V Design

[Rob Shein <Rshein () LANSOLUTIONS com>]

One thing that is helpful is that before mail hits the server from the
internet, it's in one of only a few formats...you could build something
that scans the data as it passes through.  McAfee has a product like
this which scans ftp, http, and smtp...that way, it exists independently
of anything else, you merely have to put it between the router and the
rest of the network..

> -----Original Message-----
> From:  Jay Tribick [mailto:netadmin () fastnet co uk]
> Sent:  Thursday, February 18, 1999 4:11 AM
> To:    Matt McClung
> Cc:    fw-1-mailinglist () lists us checkpoint com; firewall-wizards () nfr net
> Subject:       [FW1] Re: SMTP A/V Design
>
>
> > I am lokking at designing a new email anti-virus scanning architecture for
> > incoming mail.  However, I don't see a clean way to scan email, review it
> > for destination (bouncing etc) and then final delivery.  Allow me to
> > be more
> > clear.
> >
> > 1.  Internet email for x company is first identified at the firewall.
> > 2.  The firewall knows to pass SMTP traffic to a A/V scanning server, which
> > it does
> > 3.  The A/V Servers finds nothing and sends back the message information to
> > the firewall
> > 4.  The firewall then allows the email to the mail relay server on it
> > service network (MX)
> > 5.  The Mail relay server (running sendmail) scans the envelope and other
> > information to
> >     determine if the email is for a domain it is accepting mail for...
> > 6.  The mail relay host delivers mail to an internal SMTP server for final
> > deliver to the
> >     email system.
> >
> > Questions:  This almost seems like its too complicated with the
> > seperate A/V
> > Server and mail relay host.  The delivery time is not the main concern, but
> > rather the complexity and the steps the messages takes to finally get
> > delivered.
> >
> > Anyone created such a beast?  Because of the software (A/V) you have only a
> > small choice of platforms, as well as the relay host.  Therefore, you
> > almost
> > have to have something like this.
> >
> > Of course, this assumes that your company policy is to scan the email
> > before
> > it is allowed into the internal network (good idea).  Otherwise you
> > could do
> > desktop scanning, or mail server scanning.
>
> Why not just create your own local MDA - or did you want to scan
> outbound emails as well?
>
> --
> Regards,
>
> Jay Tribick <netadmin () fastnet co uk>
>
> [| Network Admin | FastNet International | http://fast.net.uk/ |]
> [| Finger netadmin () fastnet co uk for contact info & PGP PubKey |]
> [|   +44 (0)1273 T: 677633 F: 621631 e: netadmin () fast net uk   |]
>
>
>
> ========================================================================
> ========
>     To unsubscribe from this mailing list, please see the instructions
> at
>               http://www.checkpoint.com/services/mailing.html
> ========================================================================
> ========