Firewall Wizards mailing list archives
Re: SMTP A/V Design
From: Christoph Schneeberger <cschnee () telemedia ch>
Date: Thu, 18 Feb 1999 08:43:26 +0100
Let me throw in my 2 cents:

I have had a similar setup which looked like

-Firewall Box-
      |
      |
-Scanserver (symantec)-
      |
      |
-internal Mail Hub (sendmail)-
      |
      |
-internal Mailserver (whatever)-

Incoming Mail:
The firewall sends incoming mail straight to the Scanserver. The scanserver then forwards the mail to the mail hub (after scanning it of course) which decides if the mail is incoming or outgoing and depending on that forwards it either to the mailserver (incoming) or to the firewall (outgoing).

Outgoing Mail:
SMTP server on the client's mail program is set to the scanserver. The scanserver forwards mail to the internal hub and the internal hub decides if the mail has to go out (-> firewall) or is internal (-> mailserver).

This way every msg sent is scanned, and I think outgoing scanning is as important as incoming. Because if a virus leaves you it does real damage to your company's public image.

The configuration of the internal mail hub is just made with sendmail using simple mailertables.

This has worked fine for about 2 years for me (and I caught loads of viruses this way).

If your firewall supports CVP as you mention you should be able to do everything in one step over the firewall, but I have no experience with CVP at all.

Hope this helps,

Christoph Schneeberger
SCS Telemedia

At 12:51 16.02.99 -0700, Matt McClung wrote:
I am looking at designing a new email anti-virus scanning architecture for incoming mail. However, I don't see a clean way to scan email, review it for destination (bouncing etc) and then final delivery. Allow me to be more clear.

1. Internet email for x company is first identified at the firewall.
2. The firewall knows to pass SMTP traffic to an A/V scanning server, which it does.
3. The A/V server finds nothing and sends back the message information to the firewall.
4. The firewall then allows the email to the mail relay server on its service network (MX).
5. The mail relay server (running sendmail) scans the envelope and other information to determine if the email is for a domain it is accepting mail for...
6. The mail relay host delivers mail to an internal SMTP server for final delivery to the email system.

Questions:
This almost seems like it's too complicated with the separate A/V server and mail relay host. The delivery time is not the main concern, but rather the complexity and the steps the message takes to finally get delivered.

Anyone created such a beast?

Because of the software (A/V) you have only a small choice of platforms, as well as the relay host. Therefore, you almost have to have something like this. Of course, this assumes that your company policy is to scan the email before it is allowed into the internal network (good idea). Otherwise you could do desktop scanning, or mail server scanning.

INFO:
The FW is FW-1 using CVP. The A/V server is NT running an A/V application to check SMTP and the mail relay host is a Sun Ultra running sendmail 8.9.x.

Your thoughts on this are requested...

Matt McClung
Net.Works Security Engineer
mmcclung () ndwcorp com
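An added sketch, not part of either post and not Christoph's actual configuration: how a sendmail mailertable of the kind the reply mentions lets the internal hub pick between the internal mailserver and the firewall, based on the envelope recipient's domain. All hostnames and domains are constructed placeholders, and the lookup function is a model of the mailertable search order, not sendmail code.

```python
# Added illustration; every hostname and domain here is a constructed placeholder.
# Sample mailertable source for the internal hub: key <whitespace> mailer:host.
# Square brackets around a host tell sendmail to skip the MX lookup for it.
MAILERTABLE = """\
# key              mailer:next-hop
corp.example       smtp:[mailserver.corp.example]
.corp.example      smtp:[mailserver.corp.example]
.                  smtp:[firewall.corp.example]
"""


def parse_mailertable(text):
    """Return {key: (mailer, host)} from mailertable source text."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines carry no route
        key, value = line.split(None, 1)
        mailer, _, host = value.strip().partition(":")
        table[key.lower()] = (mailer, host)
    return table


def next_hop(table, rcpt):
    """Resolve the hub's next hop for one envelope recipient.

    Search order modelled here: the exact domain, then each parent
    domain as a leading-dot key (longest first), then the "." catch-all.
    A leading-dot key matches subdomains only, never the domain itself.
    """
    domain = rcpt.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in table:
        return table[domain]
    labels = domain.split(".")
    for i in range(1, len(labels)):
        key = "." + ".".join(labels[i:])
        if key in table:
            return table[key]
    return table.get(".")  # None when no catch-all route is defined


if __name__ == "__main__":
    routes = parse_mailertable(MAILERTABLE)
    for rcpt in ("alice@corp.example", "bob@hq.corp.example",
                 "carol@partner.example", "dave@notcorp.example"):
        print(rcpt, "->", next_hop(routes, rcpt))
```

Matching is done on whole domain labels, so a look-alike such as notcorp.example falls through to the catch-all and leaves via the firewall rather than being delivered internally.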