Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Ben Finney ben@benfinney.id.au
Tue Feb 10 19:13:43 PST 2004


On 11-Feb-2004, Jeff Waugh wrote:
> Sure, I totally agree that if every MTA rejected malware, we would be
> in a wonderful, blissful state of joy. But the reality is that they
> don't

That reality can be changed.

> and you can guarantee that matched, modern worms forge their sender
> envelope and address. So rejecting them *HAS NO PURPOSE* at all.

Non sequitur.  The fact that worms come with forged sender addresses
does not render the rejection purposeless.

> There have been times in this conversation when various people have been
> confusing spam, forging worms and general virus muck.

True.  The rejection hard-line I speak of is only for *known* malicious
content, that every relay MTA should be rejecting.

Spam is much more subjective (leaving aside that worms can be classified
as a sub-category of unsolicited bulk email).

> There are lots of different perspectives on all of these, but it seems
> that people who actively believe that rejecting forged mail makes
> sense are doing so more out of "eye for an eye" than any other
> reason...

Nope.  "eye for an eye" would have me damaging the *originators* of this
crap.  Much as I want to do that too, I can't.  It's unrelated to my
motivation for rejecting known-bad mail.

By rejecting known-bad mail at SMTP time, I'm saying two things:

  - I don't accept this mail (and I'm telling you because RFC2821 tells
    me I should), because it's known to be bad.
  - You (the MTA trying to send it to me) shouldn't have accepted it
    either.

Vengeance doesn't fit there.

> "Well, it's their fault anyway, so they should clean my mess up too!"

How is it "my", i.e. the destination's, mess?  I think that's at the
core of this disagreement.

-- 
 \        "If you ever drop your keys into a river of molten lava, let |
  `\              'em go, because, man, they're gone."  -- Jack Handey |
_o__)                                                                  |
Ben Finney <ben@benfinney.id.au>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20040211/b9f8e54d/attachment.pgp 


More information about the linux-elitists mailing list