[ On Monday, February 17, 2003 at 16:22:01 (+0000), Alan J. Flavell wrote: ]
> Subject: Re: [Exim] bouncing viruses
>
> By chance it will, yes. As well as a number of bona fide (would-be)
> senders who thought that what they were doing was perfectly OK, and
> get quite shirty when you try to explain the strategy...
Who the heck cares? Nobody has the "right" to send e-mail to any and
every abitrary mail server from an address that their ISP has allocated
as a generic and probably dynamic (or at least potentially dynamic)
workstation address. I sure as heck am not ever going to allow anyone
to send me e-mail from a client station which may just previously have
been used by a spammer to send junk out if I can possibly avoid it!
> > If you've acceptd a message containing a virus or worm then the best
> > possible thing you can do is disable it
>
> Well, the _best_ thing to do is not to accept it in the first place.
You didn't read what I said. I said "_IF_ YOU HAVE ACCEPTED...."
> I don't really approve of delivering mail of which the body has been
> interfered with. You could make yourself liable in various ways.
Remember, the RFC 822 headers of a message are, from the mailer's
perspective, part of the body; and every MTA should be adding a
"Received:" header and thus will be modifying the body of the message.
I.e. your paranoia is bogus and silly.
> On the other hand there's some who insist you shouldn't look at it
> either, since it could be bona fide mail that's accidentally
> triggerered the detector, and looking at it would be a breach of
> privacy.
Well, actually there's a heck of a lot more more pragmatic reason: If
you can't decicde whether or not you're going to accept _and_ deliver a
message by the time the client has sent at least one approved "RCPT TO:"
command, well then for all practical purposes you're going to have to
accept and either deliver or bounce or bit-bucket the message. It's
almost impossible to reliably and effectively reject a message after the
DATA command has started, and besides you still burn all the wasted
bandwidth anyway. Since you should not ever try bouncing messages
containing known viruses and worms, your only remaining sane choices are
to either deliver (perhaps with slightly modified content) or to
bit-bucket the message.
> > (which reporting infected messages helps to do,
>
> Hmmm, I guess you have a point there. I'm not sure I want to pester
> them in that way, but it's a difficult choice.
PLEASE, pester away at them!!! :-) Education is the only way out of
this pit.
--
Greg A. Woods
+1 416 218-0098; <g.a.woods@???>; <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>
