[Mimedefang] Best method of dealing with automatic - propagationvirus mails

Edward Wildgoose Edward.Wildgoose at FRMHedge.com
Tue Oct 29 04:40:01 EST 2002


I think someone needs to know that you just threw away their email - this is an ethical problem.  Email is never supposed to get "lost" according to the RFC.  

In certain legal environments it might also be extremely iffy to "tamper" with people's mail by carelessly discarding it in this way.  Granted, no one is likely to complain, but if you ever get a new Ethan-type virus which sits in a Word document, and the CEO of major bank X is sending to Customer Y and the message keeps quietly disappearing in the middle with no feedback, then expect some trouble...

Germany seems to suffer legal issues which make it somewhat iffy to even virus scan and quarantine the message!

The REJECT proposal seems to be legal and sensible in most environments.  The idea that certain messages are not welcome here is acceptable, and someone should get a bounce message.  The incentive, of course, is not to be down the bounce chain, because you have an impossible job to work out what to do; hence the ISPs should be incentivised to try and prevent most viruses from entering the chain in the first place.

The point is if you can prevent the CEO's message leaving the company mail server then you certainly aren't liable (perhaps) and it is the company's problem to try and warn the CEO appropriately, not yours!

I think the reject proposal has some merits in the long term.  However, to be clear to anyone following this - if *your* machine accepts the message and then tries to bounce back to the source ISP, then you are adding to the problem not fixing it.  To implement this you MUST reject the original connection with a 5xx response!

Ed W

-----Original Message-----
From: Tony Nugent [mailto:tony at linuxworks.com.au]
Sent: 28 October 2002 15:42
To: mimedefang at lists.roaringpenguin.com
Subject: Re: [Mimedefang] Best method of dealing with automatic -
propagationvirus mails 


On Mon Oct 28 2002 at 13:06, "Edward Wildgoose" wrote:

> I really think that the only thing worth doing with Viruses these
> days is to reject, ie DROP the SMTP connection before accepting
> the message (if possible).  Otherwise accept the message, then
> drop it into quarantine and ONLY notify the recipient.

I wouldn't even bother to do that, why would the recipient care?  In
the end this only adds to the problem (and the confusion, especially
with forged sender addresses).

The email was not really intended for the final recipient(s) anyway,
since it was generated by a bogus - it shouldn't even exist in the
first place (in a "perfect" world).
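
The distinction drawn above between rejecting inside the SMTP session with a 5xx reply and accepting first, then bouncing, shown as an added example that is not part of the original post and is not MIMEDefang code. It models only the receiving side's reply at end-of-DATA; the `Session` class, the `scan` function, the marker string and the addresses are constructed for illustration.

```python
from typing import Callable, List, Optional

MARKER = b"X-CONSTRUCTED-TEST-MARKER"  # constructed stand-in for a scanner signature


def scan(message: bytes) -> bool:
    """Hypothetical scanner: flags only the constructed marker above."""
    return MARKER in message


class Session:
    """Receiving side of one SMTP transaction, fed one line at a time (CRLF stripped)."""

    def __init__(self, scanner: Callable[[bytes], bool] = scan) -> None:
        self.scanner, self.in_data, self.body = scanner, False, []

    def feed(self, line: bytes) -> Optional[str]:
        """Return the reply to send, or None while message content is arriving."""
        if self.in_data:
            if line != b".":
                # Undo dot-stuffing (RFC 5321 section 4.5.2) and keep buffering.
                self.body.append(line[1:] if line.startswith(b".") else line)
                return None
            message, self.body, self.in_data = b"\r\n".join(self.body), [], False
            if self.scanner(message):
                # Verdict given instead of the final 250: responsibility never
                # passes to this server, so it has nothing to bounce later.
                return "554 5.7.1 Message rejected: virus detected"
            return "250 2.0.0 Message accepted for delivery"
        verb = line.split(b" ", 1)[0].upper()
        if verb == b"DATA":
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb in (b"HELO", b"EHLO", b"MAIL", b"RCPT", b"RSET", b"NOOP"):
            return "250 OK"
        return "221 Bye" if verb == b"QUIT" else "500 5.5.1 Command not recognised"


def run(lines: List[bytes]) -> List[str]:
    """Replay a client's lines through a fresh session and collect the replies."""
    session = Session()
    return [r for r in map(session.feed, lines) if r is not None]


# Constructed sample dialogues (addresses and hostnames are placeholders).
ENVELOPE = [b"EHLO relay.example", b"MAIL FROM:<a@example.org>",
            b"RCPT TO:<b@example.net>", b"DATA", b"Subject: test", b""]
INFECTED = ENVELOPE + [b"attachment: " + MARKER, b".", b"QUIT"]
CLEAN = ENVELOPE + [b"..a dot-stuffed line", b".", b"QUIT"]

if __name__ == "__main__":
    for name, dialogue in (("infected", INFECTED), ("clean", CLEAN)):
        print(name, run(dialogue)[-2])
```

Because the 554 is sent in place of the final 250, the connecting server still owns the message and any failure report goes to whoever actually handed it over, not to a possibly forged envelope sender.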



