Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Tilghman Lesher
Tue Feb 3 21:07:59 PST 2004

On Tuesday 03 February 2004 16:20, Jeff Waugh wrote:
> <quote who="Tilghman Lesher">
> > > If the client is an MTA, and you reject the mail, the MTA will
> > > send a bounce. You can't guarantee that all virus mail is being
> > > sent by shitty SMTP client code in worms. ;-) They usually fall
> > > back to upstream MTAs anyway.
> >
> > Yes, but that simply redirects the problem; it does not add to it. 
> > Please keep in mind that when I reject the virus email, I am _also_
> > an innocent user.  Does it really matter at this point which
> > innocent user has to deal with the virus email?
> It does add to the problem. Forged-sender worm hits your server, you
> reject it, thus kicking the client MTA into sending a bounce. Aren't
> you sick of getting these yet (or blocking them)? By discarding the
> virus mail, you stop this horrible loop before it starts.

As others have already remarked, discarding emails automatically is a
bad thing.  For those times when your filter catches a false positive,
it's better to bounce the message than to silently discard it, as, at
the very least, the sender will know that you didn't receive his/her


More information about the linux-elitists mailing list