Mon Sep 22 12:48:53 PDT 2003
On Monday 22 September 2003 02:19 pm, Nick Moffitt wrote:
> begin Tilghman Lesher quotation:
> > On Monday 22 September 2003 01:47 pm, Matthew Galgoci wrote:
> > > What I don't care to generate is return to sender bounce
> > > messages that go to people that didn't send a virus to begin
> > > with. I assert that the bounce messages, just in sheer volume,
> > > are as bad as the virus spam that caused them.
> > But that's just the point. When you block a virus email at the
> > SMTP level, you're usually blocking the computer which is
> > actually infected with the virus. And if it's not, the computer
> > relaying it to you is an open relay, which you shouldn't be
> > accepting email from anyway.
> You're ignoring two other possibilities:
> 1: legitimate locked-down relay

Yes, if you have a multi-stage mail relay, you put your virus checks
on the outer relay, so that the infected email never touches your
internal mail delivery mechanism.

> 2: forged headers
> #2 is likely what Matthew meant by "people that didn't send a virus
> to begin with."

Explain exactly how this is relevant. Rejecting an email at the SMTP
level does not create a new email which bounces back to a forged
sender; it tells the sending SMTP machine that the email is not
welcome. Unless #1 applies (or the machine is an open relay), then
the machine sending it to you is infected. So the question I posed
before applies: how is this different from the infected machine
sending another infected email to another party, other than the fact
that it cut you out of the loop?

Forged headers are only relevant when you've chosen to accept an email
at the SMTP level, then attempt to bounce it later. While I've seen
any amount of false bounces due to a mail server attempting to bounce
a message after the fact (a few dozen from Sobig.F), I have never seen
an SMTP rejection of an email result in a false bounce.
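
The rejection-inside-the-SMTP-transaction behaviour discussed in this message, as an added example that is not part of the original post: a minimal loopback SMTP receiver refuses a flagged message at the end of DATA, so the connecting client is handed the 550 and the receiver queues nothing it could later bounce to the envelope sender. The host names, addresses and the MARKER string are constructed placeholders, and the substring check stands in for a real virus scanner.

```python
import smtplib
import socketserver
import threading

MARKER = b"CONSTRUCTED-SCANNER-HIT"  # constructed stand-in for a scanner match
spool = []  # messages this server accepted with 250 and is now responsible for

class Handler(socketserver.StreamRequestHandler):
    def reply(self, text):
        self.wfile.write(text.encode() + b"\r\n")

    def handle(self):
        self.reply("220 mx.example.net ESMTP")
        while line := self.rfile.readline():
            verb = line[:4].upper()
            if verb in (b"EHLO", b"HELO", b"MAIL", b"RCPT", b"RSET"):
                self.reply("250 OK")
            elif verb == b"DATA":
                self.reply("354 end data with <CRLF>.<CRLF>")
                body = b""
                while (chunk := self.rfile.readline()) not in (b".\r\n", b""):
                    body += chunk
                if MARKER in body:
                    # Refuse inside the transaction: nothing is queued, so this
                    # host never writes to the (possibly forged) MAIL FROM.
                    self.reply("550 5.7.1 message refused: virus detected")
                else:
                    spool.append(body)
                    self.reply("250 OK queued")
            elif verb == b"QUIT":
                self.reply("221 bye")
                return
            else:
                self.reply("502 command not implemented")

def submit(port, body):
    """Send one message; return the SMTP code the connecting client sees."""
    with smtplib.SMTP("127.0.0.1", port, "client.example.org", timeout=5) as c:
        try:
            c.sendmail("forged@example.org", ["user@example.net"], body)
            return 250
        except smtplib.SMTPDataError as err:
            return err.smtp_code

def demo():
    spool.clear()
    with socketserver.TCPServer(("127.0.0.1", 0), Handler) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        port = srv.server_address[1]
        codes = (submit(port, "Subject: ok\r\n\r\nhello\r\n"),
                 submit(port, "Subject: x\r\n\r\n" + MARKER.decode() + "\r\n"))
        srv.shutdown()
    return codes, len(spool)
```

Calling `demo()` returns the two reply codes and the spool size; only the clean message ends up queued, and what happens to the refused one is left to whichever machine opened the connection.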