Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Martin Pool mbp@samba.org
Tue Feb 10 19:27:05 PST 2004


On 11 Feb 2004, Ben Finney <ben@benfinney.id.au> wrote:
> On 11-Feb-2004, Jeff Waugh wrote:
> > Sure, I totally agree that if every MTA rejected malware, we would be
> > in a wonderful, blissful state of joy. But the reality is that they
> > don't
> 
> That reality can be changed.
> 
> > and you can guarantee that matched, modern worms forge their sender
> > envelope and address. So rejecting them *HAS NO PURPOSE* at all.
> 
> Non sequitur.  The fact that worms come with forged sender addresses
> does not render the rejection purposeless.

Could you explain what purpose it achieves?

> True.  The rejection hard-line I speak of is only for *known* malicious
> content, that every relay MTA should be rejecting.

We seem to all agree here.

> By rejecting known-bad mail at SMTP time, I'm saying two things:
> 
>   - I don't accept this mail (and I'm telling you because RFC2821 tells
>     me I should), because it's known to be bad.

Filtering out mail after accepting it does not contravene SMTP
standards.  The destination, by accepting the mail, says "I have taken
responsibility for it."

The fact that you have rejected something that everyone would reject
carries no useful information.

The virus doesn't care whether you accepted it or not.

>   - You (the MTA trying to send it to me) shouldn't have accepted it
>     either.

If it's something that everyone in the world would agree ought to be
dropped, then there is no point in saying so.  The sending SMTP
machine clearly doesn't care.  The appropriate way to report that is
with mail to their postmaster, not a rejection.  The forged sender who
will receive the bounce has little control over it; at most they can
complain to the relay but so can you.

-- 
Martin 