Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Martin Pool mbp@samba.org
Tue Feb 10 16:04:33 PST 2004


On 11 Feb 2004, Ben Finney <ben@benfinney.id.au> wrote:

> If you mean "dropping them silently", that hides the fact that a system
> is acting as a malware vector.  An SMTP-time reject allows that vector
> to be identified.

It doesn't hide it at all.  The destination machine logs that it has
received malware from a particular address, and its admins can react
appropriately.

An SMTP-time reject reports the problem to some other random person on
the internet.

> Or, better, the recipients of the bounce messages can pressure the
> smarthost to stop accepting the malware in the first place.

Why doesn't the person at the destination address do that?  Why shift
the work onto the person whose address was forged?

> If that's your wish, then you'll want to identify the people who do
> relay them, and ask them not to do so.  When you receive an MTA bounce
> message for malware you didn't send, you have identified an MTA that is
> not behaving as you wish.

That's true.  Given there will be some false bounces, it's a good
thing to do.  But it would be nice if there were fewer.

-- 
Martin 