Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Jeff Waugh jdub@perkypants.org
Tue Feb 3 14:20:29 PST 2004


<quote who="Tilghman Lesher">

> > If the client is an MTA, and you reject the mail, the MTA will send a
> > bounce. You can't guarantee that all virus mail is being sent by shitty
> > SMTP client code in worms. ;-) They usually fall back to upstream MTAs
> > anyway.
> 
> Yes, but that simply redirects the problem; it does not add to it.  Please
> keep in mind that when I reject the virus email, I am _also_ an innocent
> user.  Does it really matter at this point which innocent user has to deal
> with the virus email?

It does add to the problem. Forged-sender worm hits your server, you reject
it, thus kicking the client MTA into sending a bounce. Aren't you sick of
getting these yet (or blocking them)? By discarding the virus mail, you stop
this horrible loop before it starts.

- Jeff

-- 
GVADEC 2004: Kristiansand, Norway                    http://2004.guadec.org/
 
  If Perl is gaffer, and Python is Magic Tape, then Ruby is self-adhesive
                                plate gold.



More information about the linux-elitists mailing list