[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications

WBrown at e1b.org WBrown at e1b.org
Thu Jun 30 11:47:17 EDT 2005


mimedefang-bounces at lists.roaringpenguin.com wrote on 06/30/2005 10:24:31 AM:

> On Thu, 2005-06-30 at 08:39, WBrown at e1b.org wrote:
> > If I refuse delivery, I don't feel any responsibility for the 
> > NDN generated by some other system.
> 
> I still think you'll change your mind the day your address is the
> one being forged and the target of a million bounces.

My address would have to be forged by a virus that uses a relay, and most 
of the current viruses are direct to MX with their own SMTP engines.  In 
these cases this is moot.  The message just dies with 550.

> > They should not have accepted the 
> > mail for relay anyways, unless it truly was from an authorized user, in 
> > which case they deserve the bounces.
> 
> You didn't answer when I asked this before so I'll try again. Viruses
> virtually always use legitimate addresses found in the local contact
> list or headers of received email - just not the real sender.  How
> does your system ensure that rejections by the next hop can only
> be returned to the real sender, not a forged address?  If you can't
> do this yourself, how can you expect the rest of the world to do it?
> If you can, I'd like to know how.

Is that legitimate address the authorized user?  The email should only be 
relayed when the sender is the authorized user, i.e. the owner of the 
machine.  And such a person deserves all the bounces, a thousand times 
over!

If the admin is sloppy enough to not check for authorized user, and not 
running AV, they are probably sloppy enough to get their systems listed on 
the RBLs.

And the sender is not always pulled from the local machine.  Most Sober 
variants make up the sender.


