Auteur: Jan-Peter Koopmann Date: À: rtm, Peter Bowyer, exim-users Sujet: RE: [Exim] Auto bounce under some conditions
On Thursday, July 15, 2004 8:59 AM exim-users-admin@??? wrote:
>> Be *very* careful you don't start autoreplying to a worm, then, thus
>> contributing to the problem instead of the solution.
>
> Opps, I forgot this. If the sender is worm, the system will
> auto-reply large number of nonsense emails. Thanks.
Exactly... Please don't do this... Sometimes I think there are just as many wrong "your message could not be deliverd due to..." messages out there as there are viruses. If you want to block attachments and inform the sender then do it at the MTA level but without sending actual bounces since they will barely ever reach a real recipient.
> I know your opinion: use a AV product to scan email, is it?
> Yes, we have a RAV installed, but in some extreme
> curcumstances, the RAV or other AV scanner can't work
> properly, for example, a new worm which still not
> recoginzable by AV scanner. This will cause a big problem.
> This year, we face one of these cases.
Use something like MailScanner and have several virus scanners examine your mails. I am currently running up to seven different scanning engines for each mail at some of our clients sites. It is not 100% safe but a lot better than just relying on one engine.
If you block attachments on MTA level you will have a lot of problems if you really need an EXE... If you simply quarantine them and tell your recipient (not necessarily sender) that you have done so, you will still have the opportunity to release the attachment. Moreover you could go and block attachments within ZIP files etc. Lots of possibilities.