Re: [fw-wiz] i-cap proposals
From: Carson Gaspar (carson_at_taltos.org)
Date: 02/15/05
- Previous message: Mathew Want: "RE: [fw-wiz] PIX 501 inbound NAT problem"
- In reply to: ArkanoiD: "Re: [fw-wiz] i-cap proposals"
- Next in thread: ArkanoiD: "Re: [fw-wiz] i-cap proposals"
- Reply: ArkanoiD: "Re: [fw-wiz] i-cap proposals"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firewall-wizards@honor.icsalabs.com Date: Tue, 15 Feb 2005 02:08:59 -0500
--On Sunday, February 13, 2005 12:10 PM +0300 ArkanoiD <ark@eltex.net>
wrote:
> Yes, IMAP is a content inspection nightmare - it was really insane to
> deisgn it the way each one of zillion ways to get an email sliced to
> little pieces and sucked down is mandatory to be implemented on server
> and, thus, on the proxy!
No, it makes perfect sense. And it's why IMAP4 is the only mail client
protocol that behaves well on low bandwidth links (and can be safely taken
offline and re-sync'd). POP3 is the insane mail protocol. But I admit that
proxying and scanning the content is much easier with stupid protocols.
You really should be doing scanning on the server. If you don't control the
server, why are you allowing people to access it? If you insist on doing
in-line scanning between the server and client, one option is to keep state
on which messages have already been scanned during this session (pay
attention to UIDVALIDITY). If any part (or any body part - see below) of a
message which hasn't been scanned is fetched, do a full fetch in the proxy
and scan it. If you trigger a scan on a header fetch, the user experience
will suck, since most IMAP clients fetch from, date, and subject headers
for a large subset of messages to display the mailbox summary.
-- Carson _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Mathew Want: "RE: [fw-wiz] PIX 501 inbound NAT problem"
- In reply to: ArkanoiD: "Re: [fw-wiz] i-cap proposals"
- Next in thread: ArkanoiD: "Re: [fw-wiz] i-cap proposals"
- Reply: ArkanoiD: "Re: [fw-wiz] i-cap proposals"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
