About
This software block SMTP sessions used by e-mail worms and viruses on the NA(P)T router. It acts like proxy, intercepting outgoing SMTP connections and scanning session data on-the-fly. When messages is infected, the SMTP session is terminated. It's to be used (mostly) by ISPs, so they can eliminate infected hosts from their network, and (preferably) educate their users.
[back to top]
Features
Features include:
   1. Transparency - is meant to be totally transparent for users, but stone-build for worms 

   2. Message data is intercepted on-the-fly, and scanned just before acknowledged to SMTP server
   3. Accepts STARTTLS (without scanning)
   4. Does not break AUTH or PIPELINING
   5. Can insert source IP (pre-NAT) and ident* into message header
   6. Can block any mail from infected hosts for defined time
   7. Logging of MAIL FROM and RCPT TO (plain or as base64-ed MD5)
   8. Logging of HELO/EHLO hostname
   9. Can impose some limits on number of SMTP sessions: total, per IP, per ident*
  10. Can reject connections when load exceeds some limit
  11. Can skip spam-scanning if load is high
  12. Executing user script on certain events
  13. Scanning limited to messages up to configured size
  14. Can be used to build scanning-farm for one or more routers*
  15. Logs all connections via syslog
  16. Has nifty status screen 
