Re: [Exim] Re: STOP Auto-Notification NOW!! was: Where is fa…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: jzaw
Date:  
À: Sven Geggus
CC: exim-users
Sujet: Re: [Exim] Re: STOP Auto-Notification NOW!! was: Where is fakereject in 4.24?
--
[ Picked text/plain from multipart/alternative ]

On Friday, Sep 26, 2003, at 10:51 Europe/London, Sven Geggus wrote:

> granted, but exiscan bounces are _not_ notification emails.
>
> All the Mailserver does is denying the the reception of Emails that
> contain
> viruses. All the rest is not your problem, but the Problem of the
> sending
> server.
>


i have to say i now understand and agree with this ... cos it makes
sense!

to quote Tim Jackson (on exiscanusers list) in reply to my own question
on the matter

>> since there is a server trying to send me a M$ email with a .exe
>> atatched and i reply with a "(reason: 550 This message contains an
>> unwanted file extension (exe)"
>> their server then tries to send my short response and (if they have it
>> configured) the payload too, to the potentially spoofed sender
>
> Yes, this is right. However, you're missing a subtlety here, which is
> that
> the "server" trying to send you the mail, if it's a spam or virus, is
> typically not a "real" mail server - it is probably a virus engine or
> some
> spamware. In that case, it is almost certain not to generate a bounce
> message to the sender, spoofed or otherwise, thus the mail disappears
> which is good. However, if by chance it's a real person (misguidedly)
> trying to send a .exe or whatever, they should get a bounce from their
> SMTP server, in theory including your 550 response somewhere in it by
> way
> of explanation.
> <snip>
> So basically, by doing what you are doing, you are doing about the best
> you can. It's not perfect, but it's the best we can do within the
> constraints of current protocols. Now, you can go one stage further (as
> you suggest) and just send stuff you detect as virus/spammage into a
> blackhole (by sending an SMTP 2xx so the originating server thinks the
> mail went through OK, but then just ditching it). However, this makes
> your
> mail unreliable insofar as if you accidentally discard something that
> wasn't actually spam/virus material, neither the sender nor recipient
> will
> ever know. So I don't do that personally. I work on the basis that by
> not
> generating additional bounces, I am not adding to the problem, and it's
> only very occasionally that one of my 550s will result in a bounce to a
> spoofed sender, and even if it does, it's not me generating the bounce.


it really made things much clearer for me

Zaw
--