On Fri, 05 Sep 2003 14:52:14 GMT, Philip Hazel <ph10@???>
wrote:
> The latest spate of viruses has caused someone to ask me if
> attachements should be removed from messages that are returned with
> bounces.
> Three fairly simple things could be done:
>
> 1. An option called bounce_return_body, defaulting TRUE, which, if
> turned off, would cause only the header to be returned in a bounce.
> I suspect few would set it. Should the default be FALSE?
Definitely a step in the right direction, plus *with* default set to
FALSE.
> 3. The default value of return_size_limit is 100K. It could be reduced
> to, say 10K.
We've been doing this for months already because of the latest round of
viruses to a) reduce wasted bandwidth from 'junk' bounces b) break the
virus distribution chain. If we cut it off it becomes defanged.
Also (and I not sure if this is doable in Exim already) and I think of
even more value... I think it would be great to be able to reject *at
SMTP time* the _whole_ communication for any bounces which come *in* with
attachments. I see no reason whatsoever why there needs to be anything
other than the failure information in a bounce message. This may not be
'nice' but I think it is really getting down to a case of 'survival', if
AOL doesn't want to do anything to stop flooding me with false bounces
with the same virus attached then this facilility keeps the problem at
their end and makes them think about dealing with the issue. I would put
in a polite message stating that our policy is not to accept bounces with
attachments.
Regards
Patrick