Re: [Exim] WISH: exiscan multiple actions

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Greg Ward
Datum:  
To: exim-users
Betreff: Re: [Exim] WISH: exiscan multiple actions
On 16 October 2002, Sheldon Hearn said:
> However, my boss would like the intended recipient of any message that
> is bounced because of prohibited content to receive a message notifying
> her of the rejection. This is in addition to the bounce message sent to
> the sender, with which we're satisfied.


[Sheldon, I've been hanging out on this list long enough to know that you
have a clue, so don't take this personally.]

PLEASE don't do this! Generating mail in response to viruses is bad; it
violates a nascent principle that I think I will call the Principle of
Minimum Junk Mail: take no action that would increase the total amount
of junk mail on the Internet.

In particular, if your server receives a virus for target@???,
allegedly from user@???, there are a variety of possible
responses:

  * Reject it at SMTP time -- the ideal solution; it makes the virus
    somebody else's responsibility.  If all mail servers did this,
    there wouldn't be an email virus problem.


  * Drop it on the floor.  Not good -- false positives are always
    possible.


  * Save it somewhere for periodic manual review.  Royal pain in
    the neck with viruses, because there are so damn many of them.


  * Send a "You sent us a virus!" message to user@???.  Big
    fat waste of time and resources for everyone, because more than
    likely the virus just forged user@???, and his PC isn't
    the infected one.  This violates the Principle of Minimum Junk
    Mail.


  * Send a "We intercepted a virus for you!" message to
    target@???.  This, IMHO, is the dumbest response
    of all: you've just substituted one junk email for another.
    Unless your users actually use Outhouse and are vulnerable to
    viruses, then why bother to block the virus in the first place?


    Even worse is to assume that the address in the "To" header
    is the recipient of the virus.  Here's what happens:


      - virus sends message to a mailing list, say foo-list@???
        (with "To: foo-list@???")
      - some.domain doesn't detect the virus, and sends it on to
        all foo-list subscribers
      - target@??? happens to be one of those subscribers.
        A stupid virus detector will then decide, "Oh! I'd better
        block this virus and tell the recipient what a wonderful
        deed I have done!".  A *really* stupid virus detector will
        conclude that the recipient is foo-list@???, and
        the whole list will get a *second* piece of junk mail.
        ARrgghh!


--
Greg Ward <gward@???>                         http://www.gerg.ca/
I just read that 50% of the population has below median IQ!