[PLUG] On the topic of spam & MS-virii

AthlonRob AthlonRob at axpr.net
Fri Feb 6 11:50:03 UTC 2004


On Fri, 2004-02-06 at 11:21, Rich Shepard wrote:

>   Thank you for the thoughtful and complete exposition. I suppose that I
> should have mentioned in my original message that it was 'amvisd' (did I get
> that name correct?) that detected the viral message. So I assume that the
> virus checker is set to respond to the sender's name (in your case 2) and
> not run 'whois' to find who actually sent it.

It's amavisd, or more properly, AMaViSd.  :-)

It is easy to configure amavis to silently drop viruses and spams...
which is, unfortunately, what I have been forced to do.  Postmaster
still gets them in his mailbox (I capture all outbound port 25 traffic
and send it through AMaViS, so if an internal machine becomes infected,
I want to know about it).

>   Is the latter what you are doing?

If I read his email right, no, that is not what he is doing.  When you're
rejecting messages, you either reject it while it is being transmitted
to your server, telling the sending server "hey, I'm not gonna take this
email, so you are in charge of notifying the sender about that."... or
you reject it after having already accepted it... you say "ok, I'll take
the message.  Have a nice day" and then you scan it and find out you
don't want to actually put it in your user's mailbox, so how is the
sender to know his message wasn't delivered?  Your mail server is in
charge of the message now, so it is its responsibility to notify the
sender of the message their message didn't go through.

The problem with virus and spam scanning is it is difficult to identify
the virus or the spam before accepting it for delivery.  So your server
is supposed to, according to the RFCs, notify the sender (designated in
the email itself) that their message is not going to be delivered.  The
problem with this is the sender is virtually always spoofed.

Paul's method doesn't accept the message, decide not to deliver it, look
up the owner of the IP, and email them... Paul's method manages to scan
the emails BEFORE saying it will accept them for delivery.  This way,
the burden of notification lies on the sending server (and in the case
of viruses with their own smtp engines, no bounce email is ever
generated).

I'd be interested to hear exactly how Paul manages this... if I
understand things properly, this is what Sendmail w/ Milter is able to
do?  Tie that in with AMaViSd-new and you'd no longer have to worry
about generating bounce messages.

Rob
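The two rejection timings Rob describes, pre-queue rejection while the sending server is still waiting on the reply to DATA versus accept-then-bounce, simulated in Python as an added example that is not part of this post and not code from AMaViSd, Sendmail or any milter. The SMTP session, the spoofed sender address and the scanner's "signature" (a plain marker string) are all constructed for the illustration; the reply texts are modelled on the usual 250/354/550 style but are not copied from any specific MTA.

```python
"""Pre-queue rejection vs. accept-then-bounce, simulated offline.

Two policies are run over the same minimal SMTP transaction. No network
is involved: the 'client' is a list of command lines, and the content
scanner is a substring match on a constructed marker.
"""
import re
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Constructed marker standing in for a virus/spam signature; not a real one.
SCAN_MARKER = "X-CONSTRUCTED-TEST-VIRUS"


@dataclass
class Outcome:
    reply: str                # SMTP reply sent after the end-of-DATA "."
    queued: bool              # message entered our queue, so it is now ours
    delivered: bool           # message reached the user's mailbox
    bounce_to: Optional[str]  # reverse-path a DSN would be sent to, if any


Policy = Callable[[str, str], Outcome]


def scanner_flags(body: str) -> bool:
    """Content-scanner stand-in: flags a body carrying the constructed marker."""
    return SCAN_MARKER in body


def prequeue_policy(reverse_path: str, body: str) -> Outcome:
    """Scan before answering DATA (what a milter / pre-queue filter can do).

    A 5xx here leaves the *sending* MTA responsible for any notification;
    a worm with its own SMTP engine just gets an error and nobody is
    bounced to. The reverse-path is never needed for that decision.
    """
    if scanner_flags(body):
        return Outcome("550 5.7.1 Message rejected by content policy",
                       queued=False, delivered=False, bounce_to=None)
    return Outcome("250 2.0.0 Queued", queued=True, delivered=True, bounce_to=None)


def postqueue_policy(reverse_path: str, body: str) -> Outcome:
    """Accept first, scan later.

    Once we have answered 250 the message is ours, so refusing it later
    means a DSN to the reverse-path, which for viruses and spam is almost
    always a spoofed third party (backscatter). A null reverse-path
    (MAIL FROM:<>) never gets a bounce, per the usual SMTP rule.
    """
    if scanner_flags(body):
        return Outcome("250 2.0.0 Queued", queued=True, delivered=False,
                       bounce_to=reverse_path or None)
    return Outcome("250 2.0.0 Queued", queued=True, delivered=True, bounce_to=None)


def run_session(lines: List[str], policy: Policy) -> Tuple[List[str], Optional[Outcome]]:
    """Drive a minimal SMTP transaction through `policy`; return (replies, outcome)."""
    replies: List[str] = []
    body: List[str] = []
    reverse_path, in_data, outcome = "", False, None
    for line in lines:
        if in_data:
            if line == ".":                       # end of DATA: the decision point
                in_data = False
                outcome = policy(reverse_path, "\n".join(body))
                replies.append(outcome.reply)
            else:
                body.append(line)
            continue
        upper = line.upper()
        if upper.startswith(("EHLO", "HELO")):
            replies.append("250 mx.example.net")
        elif upper.startswith("MAIL FROM:"):
            m = re.match(r"MAIL FROM:<([^>]*)>", line, re.IGNORECASE)
            reverse_path = m.group(1) if m else ""
            replies.append("250 2.1.0 Ok")
        elif upper.startswith("RCPT TO:"):
            replies.append("250 2.1.5 Ok")
        elif upper == "DATA":
            in_data = True
            replies.append("354 End data with <CR><LF>.<CR><LF>")
        elif upper == "QUIT":
            replies.append("221 2.0.0 Bye")
        else:
            replies.append("500 5.5.1 Command unrecognized")
    return replies, outcome


# Constructed session: a worm-style client forging an unrelated party as sender.
SESSION = [
    "EHLO worm.example",
    "MAIL FROM:<innocent-third-party@example.org>",   # spoofed reverse-path
    "RCPT TO:<user@example.net>",
    "DATA",
    "Subject: your document",
    "",
    "see attachment " + SCAN_MARKER,
    ".",
    "QUIT",
]


def compare(session: List[str] = SESSION) -> dict:
    """Run both policies over one session; map policy name to its Outcome."""
    return {name: run_session(session, pol)[1]
            for name, pol in (("prequeue", prequeue_policy),
                              ("postqueue", postqueue_policy))}


if __name__ == "__main__":
    for name, out in compare().items():
        print(f"{name:10s} reply={out.reply!r} queued={out.queued} "
              f"delivered={out.delivered} bounce_to={out.bounce_to}")
```

Running it shows the difference Rob is after: the pre-queue policy answers the final "." with a 550 and `bounce_to` stays `None`, while the post-queue policy answers 250, later drops the message, and would generate a DSN to the forged `innocent-third-party@example.org`. The only thing that keeps the post-queue variant from bouncing is a null reverse-path, which a spoofing sender has no reason to use.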
