Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Tilghman Lesher zgp-org@the-tilghman.com
Tue Feb 3 22:05:11 PST 2004


On Tuesday 03 February 2004 23:21, Jeff Waugh wrote:
> <quote who="Tilghman Lesher">
>
> > As others have already remarked, discarding emails automatically is
> > a bad thing.  For those times when your filter catches a false
> > positive, it's better to bounce the message than to silently
> > discard it, as, at the very least, the sender will know that you
> > didn't receive his/her message.
>
> Why would you have SMTP-time filters that might catch a false
> positive? How would you get a false positive of a forged-sender worm
> email when you're catching them on specific, identifiable chunks of
> the data?

Oh, for example, you block abc.zz foreign ISP because you've only
received Nigerian scam spams from that netblock, and suddenly an old
friend turns up in Nigeria on that same netblock and sends you an email.
They'd never know that your MTA silently discarded the email.  There can
be good emails even from $KNOWN_SCAM_DOMAIN.

We can sit around and churn up hypotheticals all day.  The fact is that
I have blocked netblocks at the MTA level due to spam or viruses that I
subsequently had to remove because friends happened to be using those
same netblocks.  If I had been relegating those emails to /dev/null
instead of bouncing them properly, I might never have known that I was
a little overzealous.

-Tilghman



