Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Rick Moen rick@linuxmafia.com
Mon Feb 2 22:50:37 PST 2004


Quoting Jeff Waugh (jdub@perkypants.org):

> <quote who="Rick Moen">
> 
> > The sa-exim patches to do SA/Razor processing _during_ SMTP sessions in
> > addition to Exim4's own rulesets knocks it out of the park for me, at
> > present.  
> 
> That's a really bad idea.
>   http://lists.slug.org.au/archives/slug/2004/02/msg00014.html

Quoted URL is Jeff's own e-mail on his technophobe mailing list in
Sydney, where he advances the idea that because of sundry theoretical
MTA failure modes, the malware e-mail should just be dropped on the
floor.

Argument suffers some key defects:

1.  It assumes malware e-mail will not be just dropped on the floor, an
    assumption not present in my post.  This is among the options that 
    the referenced software configuration make easy and natural.

2.  It postulates that rejecting unwanted mail, if such is the admin's 
    policy, "causes" the delivering MTA to generate a bounce -- which 
    is assigning responsiblity to the wrong party.  The latter MTA's 
    admin, it seems to me, is conclusively an idiot, and the only 
    question is how hard to LART him, at how frequent an interval, with
    how big a club.  I personally start with teergrubing, and move on
    from there.

3.  It assumes the mail in question is fundamentally different in kind
    from other spam, which is exactly what it strikes me as being.

I'd consider not just sending the twit a code-45x teergrube, but also a
giftwrapped copy of the entire Gutenberg Project archive, if I thought
such was lawful.

So no, O Perky One.  Not hardly.

-- 
Cheers,                   The cynics among us might say:   "We laugh, 
Rick Moen                 monkeyboys -- Linux IS the mainstream UNIX now!
rick@linuxmafia.com       MuaHaHaHa!" but that would be rude. -- Jim Dennis



More information about the linux-elitists mailing list