Qmail-scanner & toaster-watcher tcp.smtp blocking

Started by LogicX, April 06, 2004, 12:08:43 AM


LogicX

Question for ya Matt -- as I understand it, here's how the system should work for blocking virus senders -- and here's the problem I'm seeing, along with a proposed solution.


How it should be:

mail comes in, goes to a processing location
qmail-scanner runs on it -- if it finds it's virus-laden, it drops delivering it and puts the mail in a quarantine folder --

then comes along toaster-watcher -- run every 5 minutes from cron
if qs_quarantine_process & qs_block_virus_senders are enabled in toaster-watcher.conf then
it'll come in, parse those emails that are in the quarantine folder, get the IPs, and add them to the ~vpopmail/etc/tcp.smtp file...
and send me a notification email that it dealt with a virus saying: "found 1 infected files"

*** then tcprules (either directly, or through qmailctl cdb) must be run on tcp.smtp to turn it into tcp.smtp.cdb ***

then the smtpd comes along, reads tcp.smtp.cdb at each run (defined in the service/run file for smtpd), and it'll stop our toaster from accepting any further emails for 24 hours from that sending host; so that they hopefully resolve their virus issue.

This will stop me from getting more notification emails about the same host for at least 24 hours.


What I am seeing:
I get an email every time the host tries to resend the email --
smtpd is not blocking hosts
tcp.smtp IS updated; tcp.smtp.cdb is NOT updated.

Reading the code -- it seems toaster-watcher.pl --
=item Qmail-Scanner Quarantine Processing
should be turning tcp.smtp into tcp.smtp.cdb after it successfully executes the UpdateVirusBlocks routine.

back me up Matt, am I totally off base? is there some other outside solution I'm missing? should I just be running tcprules from cron (or qmailctl cdb) separately from toaster-watcher?

Thanks for the help.
--- May this post be indexed by spiders, and archived for all to see as my internet epitaph.
http://fpux.com
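The post describes a three-stage pipeline (toaster-watcher appends deny entries to tcp.smtp, tcprules compiles that into tcp.smtp.cdb, and smtpd's tcpserver consults only the cdb), and the symptom is that the middle stage never ran. Below is an added example, not code from the thread or from the qmail toaster project, that lets you check both halves of that from the shell: it parses a tcp.smtp file in tcprules(1) syntax and reports what tcpserver would decide for a client IP, and it flags the stale-cdb condition (tcp.smtp newer than tcp.smtp.cdb, or no cdb at all). The sample rules, the 192.0.2.x / 198.51.100.x addresses, and the temporary paths are constructed for the demo; the plain `ip:deny` line that `block_sender` appends is a generic tcprules entry, since the thread does not show the exact format toaster-watcher writes. Host-name rules (`=host:...`) are not modelled.

```python
"""Added example (not from the forum thread or the toaster project):
sanity checks for the tcp.smtp -> tcprules -> tcp.smtp.cdb pipeline."""
import os
import re
import tempfile

# Matches VAR="value" pairs after allow/deny, e.g. RELAYCLIENT="",RBLSMTPD=""
_ENV_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample in tcprules(1) syntax; addresses are documentation ranges.
SAMPLE_TCP_SMTP = """# constructed sample tcp.smtp, not a real toaster config
127.:allow,RELAYCLIENT="",RBLSMTPD=""
192.0.2.10:deny
192.0.2.20-25:deny
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
"""


def parse_tcp_rules(text):
    """Parse 'address:instruction[,VAR="v",...]' lines into
    {address: (decision, {VAR: value})}. Last-octet ranges such as
    '192.0.2.20-25' are expanded to individual addresses, as tcprules
    does when it builds the cdb. Blank lines and '#' comments are skipped."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, instr = line.partition(":")
        decision, _, envs = instr.partition(",")
        env = dict(_ENV_RE.findall(envs))
        m = re.fullmatch(r"(\d+\.\d+\.\d+\.)(\d+)-(\d+)", addr)
        if m:
            for last in range(int(m.group(2)), int(m.group(3)) + 1):
                rules["%s%d" % (m.group(1), last)] = (decision, env)
        else:
            rules[addr] = (decision, env)
    return rules


def lookup(rules, ip):
    """Mimic tcpserver's selection order for a client IP: the exact address,
    then dotted prefixes from most to least specific ('192.0.2.', '192.0.',
    '192.'), then the default rule with an empty address. With no match at
    all tcpserver allows the connection."""
    octets = ip.split(".")
    candidates = [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in candidates:
        if key in rules:
            return rules[key]
    return ("allow", {})


def block_sender(text, ip):
    """Append a generic 'ip:deny' line unless the address already has a rule.
    (The exact line toaster-watcher writes is not shown in the thread.)"""
    if ip in parse_tcp_rules(text):
        return text
    return text.rstrip("\n") + "\n%s:deny\n" % ip


def cdb_is_stale(rules_path, cdb_path):
    """True when smtpd would still see old rules: the cdb is missing, or it
    was compiled before the text file was last edited. This is exactly the
    'tcp.smtp IS updated; tcp.smtp.cdb is NOT updated' situation."""
    if not os.path.exists(cdb_path):
        return True
    return os.path.getmtime(cdb_path) < os.path.getmtime(rules_path)


def demo_staleness():
    """Walk the failure mode in a temp dir (hypothetical paths) and return
    (no_cdb_yet, after_compile, after_edit_without_recompile)."""
    d = tempfile.mkdtemp()
    rules, cdb = os.path.join(d, "tcp.smtp"), os.path.join(d, "tcp.smtp.cdb")
    with open(rules, "w") as f:
        f.write(SAMPLE_TCP_SMTP)
    no_cdb_yet = cdb_is_stale(rules, cdb)
    with open(cdb, "w") as f:          # stand-in for `tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp`
        f.write("compiled")
    os.utime(rules, (1000, 1000))
    os.utime(cdb, (2000, 2000))        # cdb newer than rules: fresh
    after_compile = cdb_is_stale(rules, cdb)
    os.utime(rules, (3000, 3000))      # toaster-watcher edited tcp.smtp, nobody recompiled
    after_edit = cdb_is_stale(rules, cdb)
    return no_cdb_yet, after_compile, after_edit


if __name__ == "__main__":
    r = parse_tcp_rules(SAMPLE_TCP_SMTP)
    for ip in ("192.0.2.10", "192.0.2.23", "192.0.2.26", "127.0.0.1"):
        print(ip, "->", lookup(r, ip))
    print("staleness sequence:", demo_staleness())
```

If `cdb_is_stale` reports True on a live toaster, run `qmailctl cdb` (or `tcprules` directly) and re-check; a cron entry that compiles the cdb after each toaster-watcher run is the fallback the post proposes.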

LogicX

and somewhere in there ---

-- I upgraded to mysql 4.1, so I had to recompile things and reinstalled a bunch of the toaster stuff -- and now it works. Tracked down the tcp.smtp.cdb updating as coming from the runs of /usr/vpopmail/bin/clearopensmtp
-- which was in my crontab before -- not sure WHY it wasn't working before and suddenly is now
--- May this post be indexed by spiders, and archived for all to see as my internet epitaph.
http://fpux.com