On Tue, Mar 15, 2005 at 11:23:15AM -0600, Aleksandar Milivojevic wrote:
> Henk van Lingen wrote:
> > Whether it is wise is another thing. I do virusscanning after
> > smtp-accept,
> > to prevent load surprises. As long as you don't join those idiots that
> > bounce virus errors...

I didn't intend an MTA war or whatever, just had to correct some FUD about
postfix :-)

Having said that,

> What do you exactly mean by "bouncing virus errors":
> - accepting virus, and then generating bounce (with virus included)?
> - accepting virus, and then generating bounce (no virus included)?
> - generating 5xx error after DATA and dot?
> - not accepting notifications from AV about detected viruses?
> - something else?

I meant sending stuff to fake senders. Which however applies more to
spam stuff, but of course viruses are also used for spamming today.

Anyway: I agree that you can 5xx a virus after the single dot. But not at
any time later. Personally, I don't do it because of said performance risks
for larger sites. So I drop them silently; after all, false positives are
not a serious issue with virus scanning (ClamAV in my case).

> IMO, the cleanest way to deal with viruses is generating 5xx after 'dot
> on the line by itself' on SMTP level. You tell the other side you are
> not accepting the email. You do not generate bounce (the other side
> might). Most viruses use their own SMTP engine, so there's no bounce
> generated when delivery fails.

Fine with me.

> If there is a bounce generated by somebody in the middle, the virus had
> to get faked address from somewhere (infected user's addressbook in
> 99.999% cases). So there will be a virus flying to faked sender anyhow.
> You are not protecting anybody from infection by preventing bounce
> generation. Moreover, faked sender is likely to know who real sender
> was (he was in his addressbook, to start with), and upon seeing the
> bounce can warn him that he is infected. Or he can forward the bounce
> to ISP's abuse address, and they'll do the right thing.

Maybe faked senders mostly don't understand a bit of bounce messages.

> I don't believe in "let's hide the problem" philosophy. Hopefully, that
> doesn't put me in your "idiots" category ;-)

No. But "let's make the problem bigger" also doesn't help. I just reject
RBL etc. stuff, I tag spam as such and I drop viruses. Do what you like,
as long as you don't send stuff back to people who didn't send something
in the first place.

Cheers,
--
Henk van Lingen, Systems & Network Administrator (o- -+
Dept. of Computer Science, Utrecht University. /\ |
phone: +31-30-2535278 v_/_
http://henk.vanlingen.net/ http://www.tuxtown.net/netiquette/
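
The three handling options discussed in this message (5xx after the final dot, silent drop after acceptance, bounce after acceptance), as an added example that is not part of the original post. It is a toy receiver in Python; the signature string, host names and the `receive` function are constructed for illustration, and the substring check stands in for a real scanner such as ClamAV.

```python
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # assumption: stand-in for a real scanner

def infected(body: bytes) -> bool:
    return SIGNATURE in body

def receive(lines, policy):
    """policy: "reject" = 5xx at the final dot; "drop" = accept, then discard;
    "bounce" = accept, then mail the envelope sender. Returns (replies, delivered, notices)."""
    replies, delivered, notices = ["220 mx.example.test ESMTP"], [], []
    sender, rcpts, body, in_data = None, [], [], False
    for line in lines:
        if in_data:
            if line != b".":
                body.append(line[1:] if line.startswith(b".") else line)  # dot-unstuffing
                continue
            in_data = False
            msg = b"\r\n".join(body)
            if policy == "reject" and infected(msg):
                # Still inside the SMTP transaction: the connecting client owns the failure.
                replies.append("550 5.7.1 message rejected: virus detected")
            else:
                replies.append("250 2.0.0 accepted")
                if not infected(msg):
                    delivered.append((sender, tuple(rcpts)))
                elif policy == "bounce":
                    # Envelope sender is unverified: this mails a possibly forged address.
                    notices.append(sender)
                # policy == "drop": nothing leaves this host
            sender, rcpts, body = None, [], []
            continue
        verb = line.upper()
        if verb.startswith(b"MAIL FROM:"):
            sender = line[10:].strip(b" <>").decode()
            replies.append("250 2.1.0 ok")
        elif verb.startswith(b"RCPT TO:"):
            rcpts.append(line[8:].strip(b" <>").decode())
            replies.append("250 2.1.5 ok")
        elif verb == b"DATA":
            in_data = True
            replies.append("354 end data with <CR><LF>.<CR><LF>")
        elif verb == b"QUIT":
            replies.append("221 2.0.0 bye")
        else:  # HELO/EHLO and anything else this toy does not model
            replies.append("250 ok")
    return replies, delivered, notices

# Constructed session: a sender with a forged envelope address submits an infected message.
SESSION = [b"EHLO infected-pc.example.test", b"MAIL FROM:<forged@victim.example.test>",
           b"RCPT TO:<user@example.test>", b"DATA", b"Subject: hi", b"",
           SIGNATURE, b".", b"QUIT"]
```

Only the "bounce" policy produces outbound mail from the receiving host, and it goes to the unverified envelope sender; "reject" and "drop" generate none.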