Henk van Lingen wrote:
> Whether it is wise is another thing. I do virusscanning after smtp-accept,
> to prevent load surprises. As long as you don't join those idiots that
> bounce virus errors...
What do you exactly mean by "bouncing virus errors":
- accepting virus, and than generating bounce (with virus included)?
- accepting virus, and than generating bounce (no virus included)?
- generating 5xx error after DATA and dot?
- not accepting notifications from AV about detected viruses?
- something else?
IMO, the cleanest way to deal with viruses is generating 5xx after 'dot
on the line by itself' on SMTP level. You tell the other side you are
not accepting the email. You do not generate bounce (the other side
might). Most viruses use their own SMTP engine, so there's no bounce
generated when delivery fails.
If there is a bounce generated by somebody in the middle, the virus had
to get faked address from somewhere (infected user's addressbook in
99.999% cases). So there will be a virus flying to faked sender anyhow.
You are not protecting anybody from infection by preventing bounce
generation. Moreover, faked sender is likely to know who real sender
was (he was in his addressbook, to start with), and upon seeing the
bounce can warn him that he is infected. Or he can forward the bounce
to ISP's abuse address, and they'll do the right thing.
Also, if the virus is of the type that might trigger bounce generation,
there will be some bounces generated anyhow. Basically, for every
address in infected user's addressbook that doesn't exist anymore.
Average user has a nice collection of those too.
I don't believe in "let's hide the problem" phylosophy. Hopefully, that
doesn't put me in your "idiots" category ;-)
--
Aleksandar Milivojevic <amilivojevic@xxxxxx> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
