[Mimedefang] How do I remove infected attachments before bouncing mail (action_bounce)
Justin Shore
listuser at numbnuts.net
Sun Jun 8 13:30:01 EDT 2003
On Fri, 6 Jun 2003, Jim Shewmaker wrote:
> Hi,
> While I agree that adding to the traffic in notifications is a problem, my
> opinion is that is is temporary necessary for the sake of legit users
> (though there may be few), who did send a virus infected message. Also,
> policy wise, I can say "we don't discard anything, we bounce it so the
> sender knows they sent something we wouldn't accept" This does wonders for
> those instigating users who are problem children and think a boogie man ate
> their joke of the day, homework, or whatever.
>
> In a week or two, I'll be disabling our bounces entirely, but I feel in
> most cases it is valuable initially. Eventually even drop_with_warning will
> be shrugged off anyway by Joe user, so I'm going to a silent running
> operation overall.
Perhaps you should consider only spamming your own users with the virus
notices rather than all users on other ISPs as well. This would go a long
way towards mitigating the waste of bandwidth and other resources by
blinding bouncing virus reports to mostly forged users. I just posted
some code that I use to make sure that $RelayAddr does equal any IP on one
of my netblocks (ie, myself or my users) before proceding with the
SpamAssassin checks. You could do something similar with your AV checks.
If $RelayAddr doesn't match one of your IPs, return a 55x like normal. If
it is one of your own IPs (read: users), bounce them a virus report. That
would be a good way to approach it.
Good luck
Justin
More information about the MIMEDefang
mailing list