Re: [Exim] What to do with messages that seem to be virus-in…

Top Page
Delete this message
Reply to this message
Author: Fred Viles
Date:  
To: exim-users
Subject: Re: [Exim] What to do with messages that seem to be virus-infected?
On 6 Mar 2004 at 0:44, Toralf Lund wrote about
    "Re: [Exim] What to do with messages":


| Kevin Reed wrote:

|...
| >If we know they are bad when they are being given to us, we deny them at
| >SMTP time. We try hard to make sure that this is the #1 option.
| >
| What exactly happens to the message when you do that? Won't there still
| be an attempt to send an error message - not by your server, but by the
| one contacting it?


Usually not. If the sending host is the spammer's or an infected
machine, nothing happens. The virus/spamware just moves on to it's
next target. If it is a BVA (Bogus Virus Alert) sender, likewise
typically nothing will happen since the MAIL FROM is usually <>.

If it is a relay server, such as an email forwarding service, it
probably will generate a bounce. But there's nothing you can do
about that, it's not your problem.

A more debatable situation is if you have a backup MX. In that case
it is your problem, at least conceptually, if one of your legitimate
MX hosts accepts a message on your behalf that you later reject. If
at all possible you should make sure all your MX hosts implement the
same rejection criteria. If that's not possibile, IMO you should not
reject messages from your backup MXs. You should accept and
blackhole instead.

That's my thought, anyway.

|...

- Fred