Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)
Tue Feb 3 21:07:59 PST 2004
On Tuesday 03 February 2004 16:20, Jeff Waugh wrote:
> <quote who="Tilghman Lesher">
> > > If the client is an MTA, and you reject the mail, the MTA will
> > > send a bounce. You can't guarantee that all virus mail is being
> > > sent by shitty SMTP client code in worms. ;-) They usually fall
> > > back to upstream MTAs anyway.
> > Yes, but that simply redirects the problem; it does not add to it.
> > Please keep in mind that when I reject the virus email, I am _also_
> > an innocent user. Does it really matter at this point which
> > innocent user has to deal with the virus email?
> It does add to the problem. Forged-sender worm hits your server, you
> reject it, thus kicking the client MTA into sending a bounce. Aren't
> you sick of getting these yet (or blocking them)? By discarding the
> virus mail, you stop this horrible loop before it starts.
As others have already remarked, discarding emails automatically is a
bad thing. For those times when your filter catches a false positive,
it's better to bounce the message than to silently discard it, as, at
the very least, the sender will know that you didn't receive his/her
More information about the linux-elitists