Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)
Tue Feb 10 16:04:33 PST 2004
On 11 Feb 2004, Ben Finney <firstname.lastname@example.org> wrote:
> If you mean "dropping them silently", that hides the fact that a system
> is acting as a malware vector. An SMTP-time reject allows that vector
> to be identified.
It doesn't hide it at all. The destination machine logs that it has
received malware from a particular address, and its admins can react
An SMTP-time reject reports the problem to some other random person on
> Or, better, the recipients of the bounce messages can pressure the
> smarthost to stop accepting the malware in the first place.
Why doesn't the person at the destination address do that? Why shift
the work onto the person whose address was forged?
> If that's your wish, then you'll want to identify the people who do
> relay them, and ask them not to do so. When you receive an MTA bounce
> message for malware you didn't send, you have identified an MTA that is
> not behaving as you wish.
That's true. Given there will be some false bounces, it's a good
thing to do. But it would be nice if there were less.