scanning after smtp receival, not before qmail-queue

Hello,

I'd like to improve the way my qmail system scans messages...

qmail with qmail-scanner + virus scan and spamassassin
I do not use the QMAILQUEUE patch - the qmail scanner and spamc are invoked
using a script that replaces qmail-queue's binary (manually the same what
the QMAILQUEUE patch does).
Every time the queue is invoked, the email will be scanned and evtl. tagged
as spam message - works fine.

My problem is that if an incoming message is being forwarded (e.g. to
another mailaccount locally on the same machine), the mail will be put back
into the queue and thus it will be scanned a second time - calling perl
scanner, spamc and the virus scanner.
No problem in everyday's email, but with many messages coming in and being
scanned two times, it will take very long (and it is ram consuming calling
the virus scanner twice).

Is there a way of substituting the qmail-smtp binary with a script like the
qmail-queue?
So I could do the spam tagging and virus scanning after the message has been
received and then it could be put into the queue.

Best regards
Thomas.

Thomas Krug wrote:

> Hello,
>
> I'd like to improve the way my qmail system scans messages...
>
> qmail with qmail-scanner + virus scan and spamassassin
> I do not use the QMAILQUEUE patch - the qmail scanner and spamc are invoked
> using a script that replaces qmail-queue's binary (manually the same what
> the QMAILQUEUE patch does).
> Every time the queue is invoked, the email will be scanned and evtl. tagged
> as spam message - works fine.
>
> My problem is that if an incoming message is being forwarded (e.g. to
> another mailaccount locally on the same machine), the mail will be put back
> into the queue and thus it will be scanned a second time - calling perl
> scanner, spamc and the virus scanner.
> No problem in everyday's email, but with many messages coming in and being
> scanned two times, it will take very long (and it is ram consuming calling
> the virus scanner twice).
>
> Is there a way of substituting the qmail-smtp binary with a script like the
> qmail-queue?
> So I could do the spam tagging and virus scanning after the message has been
> received and then it could be put into the queue.
>
> Best regards
> Thomas.
>
>
>

You probably want to setup your tcp.smtp file to distinguish between
outside and forwards.

You can have any email that comes from the internet or anything else
except localhost go to the qmail-scanner qmail-queue replacement.
Leave the qmai/bin/qmail-queue as your scanner binary and then just
point anything you do not want scanned to the real qmail-queue.

Setup tcp.smtp like this...

127.0.0.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-queue-real"
192.168.3.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-queue"

Sam

Sam <news.sam-keyword-NewsAllow.53cdca@lot3.net> wrote:
> Thomas Krug wrote:
>
>> [scanning mail after qmail-smtp, not before qmail-queue]
>> [mails scanned twice when being forwarded]
>>
>>
>
> You probably want to setup your tcp.smtp file to distinguish between
> outside and forwards.
>
> You can have any email that comes from the internet or anything else
> except localhost go to the qmail-scanner qmail-queue replacement.
> Leave the qmai/bin/qmail-queue as your scanner binary and then just
> point anything you do not want scanned to the real qmail-queue.
>
> Setup tcp.smtp like this...
>
> 127.0.0.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-queue-real"
> 192.168.3.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
>
> Sam



Hello Sam,

thanks, that's an interesting solution. I cannot use tcp.smtp because the
mail server's users are using authenticated smtp from any ip address.
But I could rewrite my qmail-queue script to test the top few lines of the
mail for signs of "ok, I'm a forwarded mail":

if (test says this mail has already gone through the queue)
{
// forwarded mail = already being scanned
queue to qmail-queue
}
else
{
// mail has just been received -> needs to be scanned
perlscan, virus-scan, spam-tag and then qmail-queue
}

-> should work this way. Thanks for the clue!

Thomas.