[Dovecot] Transparent IMAP proxy
Hi,
I'm considering patching Dovecot to work as a transparent (and virus scanning) IMAP proxy.
What is the appropriate feature to extend? (I've considered the following: IMAPC and reverse proxying, with IMAPC looking more promising since it actually parses IMAP communication).
Can anyone who is familiar with the IMAPC code recommend what are the most appropriate locations in the code to make the required changes? (I've considered hooking the storage virtual functions and making the settings local rather than global - but would appreciate more specific ideas).
Thanks.
Am 16.06.2013 15:42, schrieb Yonatan Broza:
I'm considering patching Dovecot to work as a transparent (and virus scanning) IMAP proxy
why would someone implement a virus scanner on the IMAP-level? what happens with POP3?
this has to be done on SMTP level long before the message is stored and not every time a client is downloading a message
From: Reindl Harald
why would someone implement a virus scanner on the IMAP-level? what happens with POP3?
this has to be done on SMTP level long before the message is stored and not every time a client is downloading a message
Or, as an alternative, most desktop antivirus tools have a mail-scanning capability. But SMTP is certainly better (though IMO even that is not really needed if you have reasonable antispam filtering and think before opening attachments).
Cheers Eugene
On 06/16/2013 01:31 PM, Eugene wrote:
Or, as an alternative, most desktop antivirus tools have a mail-scanning capability. But SMTP is certainly better (though IMO even that is not really needed if you have reasonable antispam filtering and think before opening attachments). In my experience, an anti-virus is left with almost nothing to catch if you let spamassassin reject mail above a certain score, and so the AV never gets to see those. However one benefit of delaying AV scanning is that you get later signatures, so you could potentially deal better with 0-hour viruses. But overall AV is just ineffective.
On 16.6.2013, at 16.42, Yonatan Broza yonatan@cuppcomputing.com wrote:
I'm considering patching Dovecot to work as a transparent (and virus scanning) IMAP proxy.
What is the appropriate feature to extend? (I've considered the following: IMAPC and reverse proxying, with IMAPC looking more promising since it actually parses IMAP communication).
Can anyone who is familiar with the IMAPC code recommend what are the most appropriate locations in the code to make the required changes? (I've considered hooking the storage virtual functions and making the settings local rather than global - but would appreciate more specific ideas).
imapc and http://dovecot.org/patches/2.1/mail-filter.tar.gz can do this. But note that the MIME structure or the parts' sizes must not change. Basically you'll have to replace the viruses with empty spaces or something.
imapc isn't very efficient though. It translates all IMAP commands to rather simple ones. So for example a SEARCH won't be passed through to the backend server.
participants (6)
-
Andrzej A. Filip
-
Eugene
-
Gedalya
-
Reindl Harald
-
Timo Sirainen
-
Yonatan Broza