|
Firewall Wizards
mailing list archives
Re: i-cap proposals
From: Carson Gaspar <carson () taltos org>
Date: Tue, 15 Feb 2005 02:08:59 -0500
--On Sunday, February 13, 2005 12:10 PM +0300 ArkanoiD <ark () eltex net>
wrote:
Yes, IMAP is a content inspection nightmare - it was really insane to
deisgn it the way each one of zillion ways to get an email sliced to
little pieces and sucked down is mandatory to be implemented on server
and, thus, on the proxy!
No, it makes perfect sense. And it's why IMAP4 is the only mail client
protocol that behaves well on low bandwidth links (and can be safely taken
offline and re-sync'd). POP3 is the insane mail protocol. But I admit that
proxying and scanning the content is much easier with stupid protocols.
You really should be doing scanning on the server. If you don't control the
server, why are you allowing people to access it? If you insist on doing
in-line scanning between the server and client, one option is to keep state
on which messages have already been scanned during this session (pay
attention to UIDVALIDITY). If any part (or any body part - see below) of a
message which hasn't been scanned is fetched, do a full fetch in the proxy
and scan it. If you trigger a scan on a header fetch, the user experience
will suck, since most IMAP clients fetch from, date, and subject headers
for a large subset of messages to display the mailbox summary.
--
Carson
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
 By Date 
By Thread
Current thread:
|
Intro
