[Mimedefang] Re: virus notifications, etc.

[David F. Skoll]

On Thu, 27 Mar 2003, alan premselaar wrote:

> I was thinking that since these following virus types send email pretty much
> at random, that i should just reject any email that matches these virus
> types and not have to deal with a) processing and sending the messages to
> the exchange server and b) having the exchange server try to send mail out
> saying the user doesn't exist.

I bounce anything containing an MS executable.  If the sending relay
tries to generate a DSN message, that's its problem.

I've had complaints about this, saying that my actions result in viruses
being bounced to innocent third parties.  I have very little sympathy for
that viewpoint; viruses send themselves to innocent third parties anyway,
and my server returning a 554 code is hardly responsible for what a virus
does.

>  (on a side note, i'm currently looking into ways to allow sendmail to check
> the existance of a user on the exchange server and return a user unknown at
> SMTP protocol time, but that's a seperate issue. [although any suggestions
> will be greatly appreciated])

Please see http://support.microsoft.com/default.aspx?scid=kb;en-us;304897
for why this is rather difficult to do sensibly.  People running a
proper mail server can use md_check_against_smtp_server in filter_recipient;
people running M$ Exchange cannot.

You may be able to hook into M$'s user-authentication scheme and write
a filter_recipient routine that checks.  However, my guess is that only
a few nonexistent users get the bulk of the spam or other unwanted mail;
you can just write a special-purpose filter_recipient routine to catch
those.

Regards,

David.