Operating System - OpenVMS
1748237 Members
3600 Online
108759 Solutions
New Discussion юеВ

TCPIP MTA (SMTP) and external antivirus software

 
SOLVED
Go to solution
Alex Chupahin
Super Advisor

TCPIP MTA (SMTP) and external antivirus software

Hello,
is it a way to setup MTA (SMTP) server from OpenVMS TCPIP services to
call an external antivirus software to check incoming mails?
It seems I cannot find a clear technique in TCPI documentation.
8 REPLIES 8
Jan van den Ende
Honored Contributor

Re: TCPIP MTA (SMTP) and external antivirus software

Alex,

no answer to your question, but... why do you need it?

No viri are even remotely capable of doing anything on/with/for/against VMS.

And if you are relaying to other, vulnerable OSes (M$, Apple, *X-on-X86) then it might by wise to use ON that platform a virusscanner FOR that platform (and subscribe to update-on-available). Those tend to be pretty quickly current for new attacks.

fwiw.

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
Hoff
Honored Contributor
Solution

Re: TCPIP MTA (SMTP) and external antivirus software

As available smtp daemons go, the TCP/IP Services daemon is missing a number of what are increasingly considered necessary features.

The usual approach among most sites is to simply not use TCP/IP Services for this purpose; AFAIK, the HP preferred solution here tends to be Microsoft Exchange.

Within the current environment, the hack I tend to use here is an opt-in mechanism using a (undocumented) mail transport image. Each user specifies a mail forwarding entry for themselves (or the system manager enters it explicitly), and that entry includes a transport specifier that is the kernel of the tool or scanner needed here. The scanner then overrides the forwarding entry (when appropriate) via the leading underscore notation and returns the (processed) message to the recipient. For an example of a transport image, dig up a copy of NMAIL off the OpenVMS Freeware.

It might be effective here to port over the recent OpenBSD smtpd work (a new daemon) to OpenVMS, and it might be most expeditious to use one of the Process Software IP stacks (which tend to have these features).

If HP is looking for a new smtpd for OpenVMS, I'd certainly look to the (new) OpenBSD work here, as the OpenBSD folks tend to be approximately as security-paranoid as the OpenVMS folks.
Hoff
Honored Contributor

Re: TCPIP MTA (SMTP) and external antivirus software

I'd not put any trust in any pronouncements of invulnerability to security attacks. I've been at this stuff way too long, and I've seen way too much in my tiny little corner of the universe to ever believe such statements.

I'll not comment further, though.
Alex Chupahin
Super Advisor

Re: TCPIP MTA (SMTP) and external antivirus software

Thanks.
I do not know is HP searching a new MTA.
It is interesting for me to look into new smtpd from OpenBSD (of course if you not wish to stick it for yourself, Hoff)
I forget about this OpenBSD project.
In other side, I suppose it has poor fuctionlity thought...
Alex Chupahin
Super Advisor

Re: TCPIP MTA (SMTP) and external antivirus software

>I'd not put any trust in any pronouncements of
>invulnerability to security attacks.

I think so.
It is especially when Opensource tools coming more into VMS...
Jeremy Begg
Trusted Contributor

Re: TCPIP MTA (SMTP) and external antivirus software

By and large the SMTP servers bundled with all OpenVMS TCP/IP stacks (including UCX, MultiNet and TCPware) are fairly basic in their capabilities. They're really only "end-system" MTAs, i.e. they lack most of the features normally present in a true MTA. For example, they have only limited capabilities for mail forwarding, header modifications, address rewriting, attachment handling, and so on.

If you need a really robust MTA on OpenVMS you should get hold of PMDF from Process Software.

(Disclaimer: I have been using PMDF for over 20 years and sell & support it here in Australia.)

Regards,
Jeremy Begg
Alex Chupahin
Super Advisor

Re: TCPIP MTA (SMTP) and external antivirus software

Thank you Jeremy. I put it into my mind.
But my idea is not a simple using a good ready2use MTA ;)
Geoff Bryant.
Occasional Advisor

Re: TCPIP MTA (SMTP) and external antivirus software

Jeremy pointed out our PMDF product for a full MTA, but another option is to use our PreciseMail Anti-Spam which can optionally include anti-virus.

See www.process.com