P3scan Suggestion

EddieA · 2018-03-22 19:32:54 UTC

While testing out mail2, I noticed that all the mails generated locally by NS were being scanned twice. It appears they are scanned as part of the SMTP inbound process and then again, by p3scan when I pull them from my server to my local Thunderbird client.

Looking at the manual, it says (my highlighting):

The POP3 proxy intercepts connection to external servers

So I started looking at what was necessary to make p3scan work as documented, because I can’t think of a reason when pulling mails from NS that a second rspamd pass is necessary.

It turns out it was a simple as updating one option in the relevant ShoreWall rules file (90p3scan):

$OUT .="REDIRECT       loc     8110    tcp     110     -       -\n";
$OUT.="REDIRECT    loc     8110    tcp     995     -       -\n";

Becomes:

$OUT .="REDIRECT       loc     8110    tcp     110     -       !192.168.0.254\n";
$OUT.="REDIRECT    loc     8110    tcp     995     -       !192.168.0.254\n";

This really needs a dynamic way to specify NS’s IP. I tried “!$FW”, but ShoreWall didn’t like that. So suggestions welcomed about how to make it dynamic.

Cheers.

mrmarkuz · 2018-03-22 20:07:07 UTC

Example that gets all IPs:

Documentation:

perldoc esmith::NetworksDB

http://docs.nethserver.org/projects/nethserver-devel/en/v7/databases.html#access-via-the-perl-api

davidep · 2018-03-24 22:30:01 UTC

Are you saying the same message is scanned the first time when it’s sent via smtp then scanned again when it’s retrieved from an external POP3 server? If so, it seems normal as both directions must be checked. Probably I didn’t understand

EddieA · 2018-03-25 01:58:30 UTC

Not quite. This is a distinction between a local and external POP3 mailbox/server.

When an e-mail is sent to an NS user it is scanned when it is received via SMTP and stored in a local mailbox. Then when that message is pulled from the NS mailbox, by a user on the local network, it is scanned again. It’s that second scan I am eliminating, as the message has already been scanned before it’s put in the mailbox.

A second case, I haven’t looked at yet, is when a local user, either on the NS server itself (root, admin, etc) or someone on the local network, sends a mail to another NS user, does that mail really need to be scanned.

Cheers.