[Mimedefang] Mimedefang 2.36 and how to drop a blocked attachment message - action_bounce?

Les Mikesell les at futuresource.com
Mon Sep 29 09:40:01 EDT 2003


On Mon, 2003-09-29 at 08:02, Joseph Brennan wrote:
> >    This is just not true.  Action_bounce will simply return an SMTP
> > reject.  Only if the sending MTA tries to bounce the message will a
> > (usually faked) sender receive a bogus return.  In the case of SoBig, the
> > infected PC tries to contact the addressee's MX directly.
> 
> 
> This is true as far as it goes, but it overlooks the situation
> where the virusmail is being forwarded or relayed.  In that case
> the 5xx rejection is being given to a mail server, which will
> generate a bounce notice.
> 

Except for the case of your local mail clients, virtually all others
will be sent through a relay so the SMTP reject is going to cause
a bounce message to be sent even though you push the work of doing
it off to someone else.

Perhaps the count of 'Received:' headers could be used to decide if
it would be better to reject or ignore. If you are directly connected
to the originating machine, a reject should be harmless. If there has
already been another hop, a reject is likely to generate a bounce
to an innocent bystander.

---
  Les Mikesell
    les at futuresource.com
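
The Received-count heuristic suggested in the message above, as an added Perl example that is not part of the original post and is not MIMEDefang's own code. The function names `count_received` and `choose_action`, the threshold `$max_direct`, and both sample messages are assumptions made for illustration; it also assumes the headers are examined as the message arrived, before the local MTA adds its own Received line.

```perl
#!/usr/bin/perl
# Added example (not MIMEDefang code): pick reject vs. discard for a blocked
# message from the number of Received: headers it arrived with.
use strict;
use warnings;

# Count Received: fields in a raw message. Folded continuation lines begin
# with whitespace, so only lines starting with the field name are counted,
# and scanning stops at the blank line that ends the header block.
sub count_received {
    my ($raw) = @_;
    my ($headers) = split /\r?\n\r?\n/, $raw, 2;
    return 0 unless defined $headers;
    return scalar grep { /^Received[ \t]*:/i } split /\r?\n/, $headers;
}

# $max_direct is an assumed, site-specific threshold: the highest count still
# treated as "directly connected to the originating machine". Received lines
# are written by whoever handled the message and can be forged; forged extra
# lines only push the result toward 'discard'.
sub choose_action {
    my ($raw, $max_direct) = @_;
    return count_received($raw) <= $max_direct ? 'reject' : 'discard';
}

# Constructed sample messages (example.* names and 192.0.2.x are placeholders).
my $direct = <<'EOM';
From: someone@example.org
To: user@example.com
Subject: details

Received: this line is body text and is not counted
EOM

my $relayed = <<'EOM';
Received: from pc.example.net (pc.example.net [192.0.2.10])
	by relay.example.net with ESMTP; Mon, 29 Sep 2003 08:00:00 -0400
From: someone@example.org
To: user@example.com
Subject: details

body
EOM

for my $case ([direct => $direct], [relayed => $relayed]) {
    my ($name, $msg) = @$case;
    printf "%-8s Received=%d -> %s\n", $name, count_received($msg), choose_action($msg, 0);
}
```

In a MIMEDefang filter the 'reject' result would correspond to calling `action_bounce` and the 'discard' result to calling `action_discard`.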





