I'm looking to create a black box solution that an IT administrator for an organization could easily install. They could pop it into the server rack and direct all incoming and outgoing email through it.
It would do some analysis of these emails (similar to anti-virus software) and then send the emails on their merry way. To be more specific, I want to create a digital fingerprint of the email and its attachments which would be stored on the machine and also sent to an off-site server.
First off, in a general sense: is this a reasonable way to make this work? Do you see any pitfalls, either technically or politically, for an IT department to install this if requested by management?
To follow on from that: what kind of open source or off-the-shelf solutions could be used as a base for this system? The analysis and fingerprint software we have already.
We are in the early stages of designing this solution, so I am open to ideas.
It's a little bit subjective as everybody has their favourite MTA.
I'd like to offer up Exim though.
For the reasons I gave here and I know it's possible to do what you're after.
You could go with your preferred Linux/BSD distribution (I'd choose Debian for its maintenance quality, ease of use and upgrades), with your favorite MTA (Postfix is all the rage currently, but Exim or Sendmail are OK), ClamAV to kill viruses, SpamAssassin to filter spam, stick Webmin on top as a GUI, et voilà!
It shouldn't take more than a day to set up for a seasoned administrator. There are tons of examples and tutorials about this out on the internets.
If you install a base Debian (without X),
aptitude install postfix clamav-milter spamass-milter
should already give you a working mail server with spam and virus filtering.
This would be fairly simple to do using any MTA, but for my example and for the sake of what is popular (and what you can receive a lot of free support for) I will use Postfix.
In the master.cf file, there is the option to pipe the message to a 'spawn'ed process. You can create a program - in Perl, PHP, C or your language of choice - then pipe the message to this program to do any kind of fingerprinting you want on it. This program would handle uploading the fingerprints to an external server.
The command would go at the end of master.cf, like so:
You then add a policy service line to main.cf under 'smtpd_recipient_restrictions =' such as:
This will launch the script on every recipient; you would write this policy script to only allow the message through if the fingerprint is successful. Also of note, check_policy_service can connect to a TCP socket, so if your fingerprint software is running as a TCP server somewhere you could connect to it directly.
As far as any technical or political pitfalls - technically it puts another link in the chain, another point of failure, so it weakens the stability of the system a bit. Politically, it totally depends on your users - legally in the US an employer can do just about anything with work e-mail. I'm sure they wouldn't be happy (depending on what you are doing - it is not clear what this fingerprinting accomplishes) but would probably get used to it.
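The two Postfix hooks the answer above describes, worked through as an added example in Python (this is not code from the thread or from Postfix). parse_policy_request() and policy_response() implement the SMTPD access-policy protocol that check_policy_service speaks: Postfix sends name=value lines terminated by an empty line and expects "action=<verdict>" followed by an empty line back. fingerprint_message() stands in for the fingerprinting program a master.cf spawn/pipe entry would hand the message to; it hashes the raw message and each named attachment with SHA-256 (the hash choice is an assumption, as are the sample request, the sample message, the handle_bytes helper and the blocked_senders parameter). One caveat worth knowing before wiring this up: the policy protocol carries only envelope data (sender, recipient, client address, size), never the message body, so the attachment fingerprinting itself has to run on the content-filter side; the policy service can only act on that result.

```python
"""Added example: Postfix policy-service protocol plus a MIME fingerprinter.
Sample request and message below are constructed for this example."""
import hashlib
import io
import sys
from email import message_from_bytes

# A constructed check_policy_service request (one attribute per line,
# terminated by an empty line), as Postfix would send it at RCPT TO time.
SAMPLE_REQUEST = b"""request=smtpd_access_policy
protocol_state=RCPT
protocol_name=ESMTP
client_address=192.0.2.10
sender=alice@example.com
recipient=bob@example.org
size=2048
instance=123.456.7

"""

# A constructed multipart message with one base64 attachment ("hello world").
SAMPLE_MESSAGE = b"""From: alice@example.com
To: bob@example.org
Subject: report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

See attached.
--XYZ
Content-Type: application/octet-stream; name="hello.txt"
Content-Disposition: attachment; filename="hello.txt"
Content-Transfer-Encoding: base64

aGVsbG8gd29ybGQ=
--XYZ--
"""


def parse_policy_request(raw):
    """Turn one policy request (ending in a blank line) into a dict."""
    attrs = {}
    for line in raw.decode("utf-8", "replace").splitlines():
        if line == "":
            break  # the blank line ends the request
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def policy_response(action):
    """Format a reply; the trailing blank line is part of the protocol."""
    return ("action=%s\n\n" % action).encode("utf-8")


def decide(attrs, blocked_senders=frozenset()):
    """Verdict for one request. DUNNO means 'no opinion', so the remaining
    smtpd_recipient_restrictions still get to run; REJECT stops the mail."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    if attrs.get("sender", "").lower() in blocked_senders:
        return "REJECT sender is not permitted"
    return "DUNNO"


def fingerprint_message(raw):
    """SHA-256 of the whole message plus one digest per named attachment."""
    msg = message_from_bytes(raw)
    result = {"message": hashlib.sha256(raw).hexdigest(), "attachments": {}}
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue  # containers carry no payload of their own
        name = part.get_filename()
        if name:
            payload = part.get_payload(decode=True) or b""  # undo base64/qp
            result["attachments"][name] = hashlib.sha256(payload).hexdigest()
    return result


def handle_stream(stream_in, stream_out, blocked_senders=frozenset()):
    """Policy-server loop: Postfix may send several requests over one
    connection, so keep answering until EOF."""
    buf = b""
    for line in iter(stream_in.readline, b""):
        buf += line
        if line in (b"\n", b"\r\n"):
            verdict = decide(parse_policy_request(buf), blocked_senders)
            stream_out.write(policy_response(verdict))
            stream_out.flush()
            buf = b""


def handle_bytes(raw, blocked_senders=frozenset()):
    """Run handle_stream over in-memory data and return the raw replies."""
    out = io.BytesIO()
    handle_stream(io.BytesIO(raw), out, blocked_senders)
    return out.getvalue()


if __name__ == "__main__":
    # spawn(8) mode: Postfix attaches the socket to stdin/stdout.
    handle_stream(sys.stdin.buffer, sys.stdout.buffer)
```

To run it as a spawned policy service, the general Postfix form (from SMTPD_POLICY_README; the script path is an assumption) is a master.cf entry such as `policy unix - n n - 0 spawn user=nobody argv=/usr/bin/python3 /usr/local/bin/policy.py` and `check_policy_service unix:private/policy` inside smtpd_recipient_restrictions in main.cf. Keep the fingerprinting step itself in a pipe-based content filter, and have the policy script consult whatever that filter records, since the request above is all the policy service ever sees.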
Companies like MessageLabs and EmailSystems provide SaaS solutions for this kind of thing. McAfee offer an appliance which also hits some of your points.
Are you looking to build a free version of something similar? If so, have you checked VMware's appliance listings? I'm sure I've seen some on there.