Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Karsten M. Self kmself@ix.netcom.com
Wed Feb 4 09:32:09 PST 2004


on Wed, Feb 04, 2004 at 09:20:29AM +1100, Jeff Waugh (jdub@perkypants.org) wrote:
> <quote who="Tilghman Lesher">
> 
> > > If the client is an MTA, and you reject the mail, the MTA will send a
> > > bounce. You can't guarantee that all virus mail is being sent by shitty
> > > SMTP client code in worms. ;-) They usually fall back to upstream MTAs
> > > anyway.
> > 
> > Yes, but that simply redirects the problem; it does not add to it.  Please
> > keep in mind that when I reject the virus email, I am _also_ an innocent
> > user.  Does it really matter at this point which innocent user has to deal
> > with the virus email?
> 
> It does add to the problem. Forged-sender worm hits your server, you
> reject it, thus kicking the client MTA into sending a bounce.

No.

Your 55x reject causes:

  - A virus with a minimal SMTP server to not give a whit.

  - A smarthosted SMTP server to reject the mail to the sending client.
    Which it, unlike you, can identify.

In at least one case, you're getting the attention of the person
actually _causing_ the problem that they should fix something.

> Aren't you sick of getting these yet (or blocking them)? 

What I'm sick of is explaining to people who really should know better
the difference between an SMTP reject and an email nondelivery
notification based on spoofed headers.


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    The truth behind the H-1B IT indentured servant scam:
    http://heather.cs.ucdavis.edu/itaa.real.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20040204/e59b924e/attachment.pgp 


More information about the linux-elitists mailing list