[Mimedefang] Re: compare mimedefang to mailscanner
John Rudd
john at rudd.cc
Wed Jan 17 19:11:51 EST 2007
Les Mikesell wrote:
> John Rudd wrote:
>> Accepting a message that your own scanners say contains
>> spam/virus/bad-content, and then crafting a bounce message for it
>> instead of delivering it, is a bad practice and should never be done.
> Dropping valid messages without notifying the sender is an even worse
> practice.
Dropping without notifying _anyone_ is "an even worse practice". You
don't have to notify the sender, as long as you notify the recipient
(and vice versa).
> "Bad content" is a fairly arbitrary concept.
The term is rather arbitrary. What I meant by it is not: messages that
have malformed MIME parts, messages that have attachments whose filename
or filetype I don't like, phishing messages (as determined by ClamAV),
and messages with HTML tags I don't like (IFRAME, OBJECT, etc.).
It's easier, though, to just say "bad content" than to write all of that
out.
> Can you honestly claim that you are anywhere near 100% correct in your
> determination of that?
I don't need to. I either reject or mark+deliver. If I'm wrong in my
determination, it ends up in someone's mail folder so they know about it.
>> 2) Don't accept it. Reject it. Give an SMTP 4xx or 5xx result, with
>> a reason for why you didn't accept it. Let the submitting (SMTP
>> client) host figure out what to do with it from there. Most likely
>> it's a spam/virus bot, and the problem is resolved.
>>
>
> MimeDefang can do this; I don't think Mailscanner can.
No, Mailscanner can't. That's one of the reasons I switched :-)
>> You'll notice that neither of these is "bounce it".
>>
>
> In a practical sense, it is. If the other end of the SMTP conversation
> is an RFC-conforming server, your 5xx rejection forces it to construct
> a bounce. If it is a virus, it will probably drop on the floor.
No, a rejection is not the same as a bounce. Not even in a practical sense.
You can't ever control what another MTA is going to do with a message.
And, more importantly, it's not your job to know/care what it's going to
do with that message. It's only your job to deal with the things you do
actually control: which messages you will accept or reject, and what
you're going to do with the ones you've accepted.
Rejecting is not the same as bouncing. Ever. Because you don't know
what that MTA is going to do with the rejected message AND it is not
your responsibility to know what it is or is not going to do with the
rejected message.
Rejecting is saying "I will not take responsibility for the message".
Bouncing is saying "I took responsibility for the message, and now I've
got to try to send it back."
The two are worlds apart.
On a practical level, more likely than not, the source of the message
was a directly connected spambot, virusbot, or spam-house (because
you're not accepting connections from open relays, right?). In those
cases, rejecting the message does not cause the submitting SMTP client
to create a bounce message. They just forget the message and move on.
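
An added example, not part of the original post and not MIMEDefang code: a Python sketch of the "reject or mark+deliver" policy described above, checking three of the bad-content categories the post lists (malformed MIME parts, attachment filenames, IFRAME/OBJECT tags). The extension list, reply texts, X-Spam-Flag header, spam threshold and the rule that any finding is rejected are assumptions.

```python
import re
from email import message_from_string, policy

# Assumptions of this sketch, not taken from the post: the extension list,
# the reply texts, the mark header, the threshold, rejecting on any finding.
BANNED_EXT = (".exe", ".scr", ".pif")
BANNED_TAGS = re.compile(rb"<\s*(iframe|object)\b", re.I)

def bad_content(raw):
    """List the 'bad content' findings named in the post for one message."""
    reasons = []
    for part in message_from_string(raw, policy=policy.default).walk():
        if part.defects:  # parser-recorded MIME structure problems
            reasons.append("malformed MIME part")
        name = part.get_filename() or ""
        if name.lower().endswith(BANNED_EXT):
            reasons.append("banned attachment " + name)
        if part.get_content_type() == "text/html":
            tag = BANNED_TAGS.search(part.get_payload(decode=True) or b"")
            if tag:
                reasons.append("banned HTML tag " + tag.group(1).decode().upper())
    return reasons

def smtp_decision(raw, spam_score, threshold=5.0):
    """Return (action, SMTP reply to DATA, headers to add).

    Only two outcomes exist: refuse the message while the client is still
    connected, or accept it and deliver it marked. Nothing here accepts a
    message and then generates a bounce to the envelope sender.
    """
    reasons = bad_content(raw)
    if reasons:
        return ("reject", "554 5.7.1 " + "; ".join(reasons), {})
    marks = {"X-Spam-Flag": "YES"} if spam_score >= threshold else {}
    return ("deliver", "250 2.0.0 accepted", marks)

# Constructed sample messages.
HTML_MSG = ("From: a@example.com\nMIME-Version: 1.0\n"
            "Content-Type: text/html\n\n<p>hi</p><IFRAME src='x'></IFRAME>\n")
ATTACH_MSG = ('From: a@example.com\nMIME-Version: 1.0\n'
              'Content-Type: multipart/mixed; boundary="b1"\n\n'
              '--b1\nContent-Type: text/plain\n\nsee attached\n'
              '--b1\nContent-Type: application/octet-stream\n'
              'Content-Disposition: attachment; filename="invoice.EXE"\n\nMZ\n'
              '--b1--\n')
PLAIN_MSG = "From: a@example.com\nSubject: offer\n\nbuy now\n"

if __name__ == "__main__":
    for m in (HTML_MSG, ATTACH_MSG, PLAIN_MSG):
        print(smtp_decision(m, spam_score=7.2))
```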