Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Jeff Waugh
Tue Feb 3 23:26:34 PST 2004

<quote who="Tilghman Lesher">

> Oh, for example, you block abc.zz foreign ISP because you've only received
> Nigerian scam spams from that netblock, and suddenly an old friend turns
> up in Nigeria on that same netblock and sends you an email.  They'd never
> know that your MTA silently discarded the email.  There can be good emails
> even from $KNOWN_SCAM_DOMAIN.
> We can sit around and churn up hypotheticals all day.  The fact is that I
> have blocked netblocks at the MTA level due to spam or viruses that I
> subsequently had to remove because friends happened to be using those same
> netblocks.  If I had been relegating those emails to /dev/null instead of
> bouncing them properly, I might never have known that I was a little
> overzealous.

I never block netblocks at the MTA manually (given the potential for false
positives), preferring to do dynamic short-window blocking of individual
IPs. It's not a hypothetical -> only discard stuff you know you can. Then
figure out if it's worth the complexity and failure points of using external
daemons during the SMTP transaction... In my experience, it's totally not
worth it. Max pain, no gain.

- Jeff

GVADEC 2004: Kristiansand, Norway          
  There's no horse higher, no mailing list taunt lower, no developer base
                wider. Rock My Code in the Bosom of Debian.
