Re: [Exim] bouncing viruses

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Alan J. Flavell
Date:  
À: Suresh Ramasubramanian
CC: Exim users list
Sujet: Re: [Exim] bouncing viruses
On Sun, 16 Feb 2003, Suresh Ramasubramanian wrote:

> On Sun, 16 Feb 2003, Asbjørn Høiland Aarrestad wrote:
>
> Asbjørn> I tried to do this, redirecting it to a mailbox and let that mailbox
> Asbjørn> notify recipent and then reject it, but Exim didn't like it, because the

[...]

> Have your virus checking transport check for existence of a
> X-Virus-Scanned: header and stop checking anything which has that header.
>
> Or alternatively, strip the MIME part (viruses or whatever) before you
> bounce the mail -

^^^^^^

Hang on, this discussion seems to be going around in circles now...

It's definitely a bad idea to literally "bounce" such mail, in view of
the prevalence of counterfeited sender addresses. This definitely
puts it into the class described by our illustrious service provider
in http://www.ja.net/mail/junk/collateral.html as "collateral spam".

I'm much happier with the idea of recognising it at SMTP time,
refusing to accept it, and leaving any further action to the peer MTA
(or whatever it really is, sometimes a direct-to-MX client) outside of
my responsibility.

The other issue being kicked around here is automatically informing
the intended recipient. Based on my own observations, I would say
that only a small fraction of the incidents which we reject are in
fact deliberate intentions by the sender to reach the intended
recipient with productive email: most of them are involuntary
creations by some unknown sender, with the sender address
counterfeited by the virus to be some innocent third-party.

It's my view that it would cause significantly more confusion amongst
the recipient base if some kind of incident report were automatically
composed to the intended recipient/victim about each and every one of
these occurrences, and further, could put the mail admin at risk of
libelling the innocent third parties whose addresses have been
misappropriated by the virus etc.

I'm also sceptical of attempts to de-fang the mail and pass the
remainder to its intended recipient. I don't really think that as
postmasters we have any right to interfere with the body of emails
(massaging headers is different): IMHO we should either accept the
mail item in its entirety, or reject it in its entirety.

If the sender really wants it to reach the recipient, then they need
to consider the reason for rejection, and do whatever is appropriate
about it.

cheers