Re: [Exim] bouncing viruses

On Fri, 21 Feb 2003, Dr Andrew C Aitchison wrote:

> In the more normal case, if we can't trust the sending SMTP server to
> accept "I don't like that message, and don't try again", and there are
> so many machines like that out there that we can't afford to keep telling
> them to go away, then we have taken the first step in the slippery road
> to the end of email as we know it.

Unlike you, our departmental mailer _is_ accepting calls from the big
bad Internet...

I've mentioned that we _have_, in the past, seen occasional mail
senders (MTAs or those purporting to be) which react to 5xx at end
of DATA as if it was retryable, and continued to retry until I
manually blacklisted them for rejection at an earlier stage in the
transaction. So I agree that it _does_ happen in real life.

My recollection of what those occasional "rogue" mailers were, is that
they were old and quirky MTAs, rather than being hosts which had
fallen victim to some email worm or virus.

However, I have to say that there are quite a number of situations in
which our exim-v4 DATA ACL will reject mail by ending the transaction
with a 5xx at end of DATA, and I don't recall having to take any
specific action to terminate such a standoff since we moved to exim
v4, which was last August.

So - and again I stress that this is on the scale of our own
operation, is just intended as one data point, and might or might not
be applicable to someone else's operation - it does seem as if 5xx
response at end of DATA is a viable way of keeping out stuff that we
don't like the look of. It's working for us, in our situation.

best regards