Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Ben Finney ben@benfinney.id.au
Tue Feb 10 19:51:42 PST 2004


On 11-Feb-2004, Martin Pool wrote:
> On 11 Feb 2004, Ben Finney <ben@benfinney.id.au> wrote:
> > Non sequitur.  The fact that worms come with forged sender addresses
> > does not render the rejection purposeless.
> 
> Could you explain what purpose it achieves?

The same as any other SMTP error status code:  Informing the SMTP client
that the message is not accepted, with a brief explanation.

> Filtering out mail after accepting it does not contravene SMTP
> standards.  The destination by accepting the mail says "I have taken
> responsibility for it."

Indeed.  What I'm doing by rejecting at SMTP time is saying "I *already*
know this is bad, and won't accept responsibility for it".

> The fact that you have rejected something that everyone would reject
> carries no useful information.

It carries the information that "would reject" is implemented as "do
reject" at the destination but not at the relay.  That information is
valuable, because it shows who is failing to implement something that
"everybody would" reject.

> The virus doesn't care whether you accepted it or not.

Well, yes.  If I'm talking to the malware's SMTP server, the message is
rejected before it can cause any more harm.


> If it's something that everyone in the world would agree ought to be
> dropped, then there is no point in saying so.

Here seems to be the core of the disagreement.  If "everyone in the
world would agree" something ought to happen, and a particular party
is preventing it from happening, that's something that ought to be
addressed.


> The sending SMTP machine clearly doesn't care.  The appropriate way to
> report that is with mail to their postmaster, not a rejection.

Why?  I've got them on the other end of the SMTP connection at the time
they're trying to deliver malware to me.  *That* is the appropriate time
to automatically inform them of non-delivery, and the reason why.


> The forged sender who will receive the bounce has little control over
> it; at most they can complain to the relay but so can you.

First, why do you assume I won't?

Second, that's a would-be-nice action.  It doesn't obviate the
correctness of informing the SMTP client of non-delivery as early as
possible.


-- 
 \       "Kill myself? Killing myself is the last thing I'd ever do."  |
  `\                                          -- Homer, _The Simpsons_ |
_o__)                                                                  |
Ben Finney <ben@benfinney.id.au>
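
The rejection at SMTP time argued for in this message, shown as an added example (not part of the original post and not Postfix code): a toy receiver that answers the end-of-DATA dot with 554 and queues nothing, so it never takes responsibility for the message. The attachment-extension policy, host names and addresses are assumptions constructed for the illustration.

```python
import re

# Assumed content policy (not from the thread): refuse attachments whose
# filename ends in an executable extension.
BLOCKED = re.compile(rb'filename="?[^"\r\n]*\.(?:exe|pif|scr)"?\s*$', re.I | re.M)


def run_session(client_lines):
    """Run one SMTP transaction on a toy receiver; return (replies, queued)."""
    replies, queued = [], []
    sender, rcpts, body, in_data = None, [], [], False
    for line in client_lines:
        if in_data:
            if line != b".":
                body.append(line)
                continue
            in_data = False
            message = b"\r\n".join(body)
            if BLOCKED.search(message):
                # Refused before acceptance: nothing queued, no bounce owed here.
                replies.append("554 5.7.1 Message refused: executable attachment")
            else:
                # A 250 here means this host now owns delivery or any bounce.
                queued.append((sender, tuple(rcpts), message))
                replies.append("250 2.0.0 Ok: queued")
            sender, rcpts, body = None, [], []
            continue
        verb = line.upper()
        if verb.startswith((b"HELO", b"EHLO")):
            replies.append("250 mx.example.org")
        elif verb.startswith(b"MAIL FROM:"):
            sender = line[10:].strip().decode()
            replies.append("250 2.1.0 Ok")
        elif verb.startswith(b"RCPT TO:") and sender is not None:
            rcpts.append(line[8:].strip().decode())
            replies.append("250 2.1.5 Ok")
        elif verb == b"DATA" and rcpts:
            in_data = True
            replies.append("354 End data with <CR><LF>.<CR><LF>")
        else:
            replies.append("503 5.5.1 Bad sequence of commands")
    return replies, queued


def constructed_session(filename):
    # Constructed transcript; the envelope sender stands in for a forged one.
    return [b"HELO client.example.net", b"MAIL FROM:<forged@example.com>",
            b"RCPT TO:<user@example.org>", b"DATA", b"Subject: hi", b"",
            b'Content-Disposition: attachment; filename="%s"' % filename, b"."]
```

With the 554 reply, any non-delivery report is left to whatever client was on the other end of the connection; with the 250 reply, the receiver holds the message and would have to generate any later bounce itself.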