Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Ben Finney ben@benfinney.id.au
Tue Feb 10 17:55:05 PST 2004


On 11-Feb-2004, Jeff Waugh wrote:
> <quote who="Ben Finney">
> > If so, then how are we to identify such misbehaving MTAs?
> 
> The "identify". It's forged

No.  The misbehaving MTA is the one that:

  - accepts the malware for delivery to a third person
  - tries to deliver it to the destination, which rejects it
  - sends a bounce message to the forged sender address

The first item is the misbehaviour; the latter two items allow the
misbehaving MTA to be identified.  (The last item, sending the bounce to
a forged sender, is the best it can do *at that point*, but the cause
was accepting the crap in the first instance.)

-- 
 \     "Tis more blessed to give than to receive; for example, wedding |
  `\                                   presents."  -- Henry L. Mencken |
_o__)                                                                  |
Ben Finney <ben@benfinney.id.au>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20040211/6a1b8eb6/attachment.pgp 


More information about the linux-elitists mailing list