Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Jeff Waugh jdub@perkypants.org
Tue Feb 3 21:21:44 PST 2004


<quote who="Tilghman Lesher">

> As others have already remarked, discarding emails automatically is a bad
> thing.  For those times when your filter catches a false positive, it's
> better to bounce the message than to silently discard it, as, at the very
> least, the sender will know that you didn't receive his/her message.

Why would you have SMTP-time filters that might catch a false positive? How
would you get a false positive of a forged-sender worm email when you're
catching them on specific, identifiable chunks of the data?

Anything that might get a false positive (such as virus scanners and spam
detection software such as spamassassin) should immediately be relegated to
post-MTA admin policy land, not SMTP-time MTA protection land.

Discarding worm and spam emails is a good thing, and you can easily do that
at SMTP time, using only the MTA, without any external daemons involved, and
without false positives. Anything that gets past the MTA can happily go off
to admin-defined policy fuckage or cleanage with all the resources required
by your AV and anti-spam software (safely on disk and queued).

- Jeff

-- 
GVADEC 2004: Kristiansand, Norway                    http://2004.guadec.org/
 
                    The Unix Way: Everything is a file.
                 The Linux Way: Everything is a filesystem.
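
The split argued for in the message above, sketched as an added example (not part of the original post and not Postfix code): a simplified Python model of a Postfix-style regexp `body_checks` table, where an anchored, exact signature line is discarded at SMTP time and everything else is queued for later scanning. The signature string, the sample messages and the function names are constructed placeholders, not real worm indicators.

```python
import re

# Constructed placeholder table in Postfix regexp-table style:
#   /pattern/ ACTION optional text
# The signature is NOT a real worm indicator; a real rule would carry a fixed
# chunk of the worm's encoded attachment.
TABLE = """
# exact, anchored chunk of the (placeholder) encoded attachment
/^PLACEHOLDERWORMCHUNK0000AAAABBBBCCCCDDDD$/ DISCARD placeholder worm
"""

def load_table(text):
    """Parse '/regex/ ACTION [text]' lines; skip blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.+)/\s+(\S+)", line)
        if m:
            # Postfix regexp tables match case-insensitively by default.
            rules.append((re.compile(m.group(1), re.I), m.group(2)))
    return rules

def smtp_time_verdict(body, rules):
    """Check the body one line at a time; the first matching rule wins."""
    for line in body.splitlines():
        for pattern, action in rules:
            if pattern.search(line):
                return action
    # No exact signature hit: accept and leave the message on disk for the
    # post-MTA virus scanner / spam policy, where heuristics belong.
    return "QUEUE"

# Constructed sample messages.
WORM = "Mail transaction failed.\n\nPLACEHOLDERWORMCHUNK0000AAAABBBBCCCCDDDD\n"
LEGIT = "Did anyone else get the PLACEHOLDERWORMCHUNK0000 worm today?\n"
SPAMMY = "Cheap pills, click here!\n"

RULES = load_table(TABLE)

if __name__ == "__main__":
    for name, msg in [("worm", WORM), ("legit", LEGIT), ("spammy", SPAMMY)]:
        print(name, smtp_time_verdict(msg, RULES))
```

Running a candidate table over a corpus of known-good mail this way shows whether a pattern is specific enough to discard on before it goes anywhere near the MTA.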


