[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications
Les Mikesell
les at futuresource.com
Thu Jun 30 19:17:27 EDT 2005
On Thu, 2005-06-30 at 14:05, Jim McCullars wrote:
> > I'm asking about your direction. If you've accepted a message from
> > some user, queued it, then your attempt to deliver is rejected and
> > you construct a bounce (suppose the next server's virus scanner is
> > better than your own...), how do you ensure that the bounce you
> > send goes to your user's mailbox, not some forged address?
>
> Now you are going off in another direction.
No, this is the other side of the same SMTP conversation. I'm asking
you to consider what a rejection sets in motion.
> The original discussion
> was whether to reject or silently drop a message that *I* have flagged as
> a virus. The question of what to do with a negative DSN from another MTA
> is a separate issue altogether, and is an issue whether the mail is not
> delivered because it has a virus, was flagged as spam, user over quota,
> bad recipient, etc.
There really is no question about what you have to do with a negative
DSN from the next MTA. Likewise they have no choice about what to
do when you issue one.
> If I have accepted a message from a user on our campus and queued it
> for delivery and it gets bounced, many times it will wind up in the
> postmaster's mailbox. And you can bet that I will find out why a user on
> campus is sending out emails with a bad return address.
I'm talking about a message with a good return address, just not
the one that belongs to the sender. For example, one that has been
extracted from the headers of recently received email or a contact
list, like a typical virus uses.
--
Les Mikesell
les at futuresource.com
More information about the MIMEDefang
mailing list