[Mimedefang] mimedefang-filter(5) and action_bounce()
Michael Faurot
mfaurot at atww.org
Wed Feb 4 11:23:29 EST 2004
With regard to all the virus activity of late I've been trying to figure
out what's the right thing to do when my SMTP gateway detects a virus.
I 'get' the concept that using something like action_notify_sender() is
not a good idea because the From: header is usually faked anyway, plus
the added traffic this generates etc. Never did that anyway. However I
have been using action_bounce().
I happened to be reading mimedefang-filter(5) (from the MD v2.39
distribution) today and was looking at the section for action_bounce()
and noticed this paragraph:
WARNING: action_bounce() may generate spurious
bounce messages if the sender address is faked.
This is a particular problem with viruses.
However, we believe that on balance, it's better to
bounce a virus than to silently discard it. It's
almost never a good idea to hide a problem.
Regarding those last two sentences--is action_bounce() still a good
idea when dealing with a detected virus?
More information about the MIMEDefang
mailing list