[Mimedefang] Best method of dealing with automatic - propagationvirus mails

Edward Wildgoose Edward.Wildgoose at FRMHedge.com
Tue Oct 29 04:32:01 EST 2002


If you kill the connection with a 5xx response then the sender should NOT keep retrying!!  If they do - mail the admin and refuse to accept mail from this IP address!!

I don't see your point about mail loops, but it is good thinking though.  In any case if a mail loop develops it will be the upstream ISP that has the problem not us.  Consider an example:

V1 - virus infected sends message via ISP to "ME", I REJECT, ISP tries to Bounce to INNOCENT who has a virus scanner.  The Bounce is then bounced back to postmaster at ISP (I think?).  I think that postmaster at ISP will then eat the second bounce, but either way I don't think a mail loop will develop.

Point is that upstream ISP now has 3 times as much mail and it is in their interest to do something about it.  Plus they will get complaints from innocent customers who report that postmaster at ISP has just sent them a virus...

However, let's consider what happens if ISP pulls out their finger and spends, ooo, say 2 mins configuring a regexp type body block or something really simple like that.  Now virus infected user can't even send the mail in the first place.  Hopefully this breaks most of the current virus engines, and the new breed will have to get significantly more advanced and try to deliver direct to end user, or seek out open relays, etc.

ISPs protecting against the top 3 viruses would intuitively make a big difference I think.

-----Original Message-----
From: Les Mikesell [mailto:les at futuresource.com]
Sent: 28 October 2002 16:10
To: mimedefang at lists.roaringpenguin.com
Subject: RE: [Mimedefang] Best method of dealing with automatic -
propagationvirus mails 


> From: Tony Nugent
> 
> The best way to treat a virus is to simply refuse to accept it (and
> then let the remote box deal with the bounce problem).

If you drop the connection as someone else suggested, any reasonable
mail transport will keep connecting back to try again for 2 to 5 days.
If you reject it you will set off the same problems as if you
bounced it yourself. Think about the situation where the next
hop has a different scanner than you and rejects mail you are
trying to send: now your box becomes the one with the bounce problem.

---
  Les Mikesell
   les at futuresource.com



_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
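
The V1 / ISP / ME / INNOCENT scenario discussed in this message, modelled as an added example that is not part of the original post or of MIMEDefang. It assumes the ISP's bounce carries the original message, that bounces use the null envelope sender, and that a failed bounce goes to the ISP's own postmaster; the names `Msg`, `smtp_reply` and `isp_relay` are hypothetical.

```python
from collections import namedtuple

# Constructed model: mail_from "" is the null reverse-path used for bounces.
Msg = namedtuple("Msg", "mail_from rcpt_to has_virus kind")

# Assumption: ME and INNOCENT run scanners and answer 5xx at SMTP time;
# postmaster@ISP accepts whatever it is handed.
REJECTS_VIRUS = {"ME": True, "INNOCENT": True, "postmaster@ISP": False}


def smtp_reply(msg):
    """Reply code the receiving host gives the ISP for this message."""
    if msg.has_virus and REJECTS_VIRUS[msg.rcpt_to]:
        return 554
    return 250


def isp_relay(first, isp_scans=False, max_hops=10):
    """Return the (message, reply code) pairs the ISP ends up handling."""
    if isp_scans and first.has_virus:
        return []  # blocked at submission: nothing is relayed or bounced
    log, queue = [], [first]
    while queue and len(log) < max_hops:
        msg = queue.pop(0)
        code = smtp_reply(msg)
        log.append((msg, code))
        if code < 500:
            continue  # accepted, nothing more to do
        if msg.mail_from != "":
            # Rejected mail with a real sender: bounce to that (forged) sender.
            queue.append(Msg("", msg.mail_from, msg.has_virus, "bounce"))
        elif msg.kind == "bounce":
            # A bounce that fails is never bounced again; postmaster gets it.
            queue.append(Msg("", "postmaster@ISP", msg.has_virus, "double-bounce"))
        # A failed double-bounce is dropped, so the chain always terminates.
    return log


if __name__ == "__main__":
    # V1 forges INNOCENT as the envelope sender and mails ME through the ISP.
    for msg, code in isp_relay(Msg("INNOCENT", "ME", True, "original")):
        print(code, msg.kind, "->", msg.rcpt_to)
```
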
