Re: Rejecting viruses the Right Way[tm]

From: Edward J. Shornock (ed_at_crazeecanuck.homelinux.net)
Date: 02/10/04

  • Next message: No Spam: "Re: Getting the same USB device? *multiple webcams*" 
    Date: Tue, 10 Feb 2004 01:16:47 -0500
To: debian-user@lists.debian.org

    Steve Lamb wrote:

    > Derrick 'dman' Hudson wrote:
    >
    >> If a message is either rejected (during the SMTP dialog) or bounced
    >> (after accepting and queueing the message) then the same innocent
    >> third party receives some junk mail.[1] The difference is only in
    >> which server is sending the bounce message.
    >
    >
    > The presumption being, of course, that the other side is a real
    > MTA and not the virus/worm itself. Rejecting is acceptable as the
    > onus is on the other side on what to do. You're not generating the
    > bounce. If it is a virus/worm then it isn't likely to generate a
    > bounce. If it is an MTA then they had best get their act together and
    > not propigate viruses.
    >
    I agree and have been using this successfully for some time now: I have
    those bounces blocked with Postfix.
    http://www.t29.dk/antiantivirus.txt

    # t29.dk postfix header_checks regexp file, rev. 8 (2004-02-07)
    # conversion by Niels Callesøe (dk pfy) pfy@nntp.dk
    # usage (main.cf):
    # header_checks = regexp:/etc/postfix/header_checks
    #
    # original compilation by Tim Jackson for SpamAssassin
    # http://www.timj.co.uk/linux/bogus-virus-warnings.cf
    #
    # conversion for procmail by Peter Jensen can be found at
    # http://pekaje.homeip.net/antiantivirus_procmail.txt
    #
    # Note: Some people have suggested using DISCARD rather than REJECT. This is a bad idea.
    # REJECT'ing these will not bounce to an innocent user, unless the antivirus program
    # forges the return address. Most antivirus programs insert their own, and so the only
    # one who will see the bounce is the admin who needs to fix his broken AV software.
    # In the event of a false positive, REJECT'ing will make sure the sender knows about it. 

    -- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
  • Next message: No Spam: "Re: Getting the same USB device? *multiple webcams*"

    Relevant Pages

    • Re: Rejecting viruses the Right Way[tm]
      ... > (after accepting and queueing the message) then the same innocent ... > which server is sending the bounce message. ... You're not generating the bounce. ... virus/worm then it isn't likely to generate a bounce. ...
      (Debian-User)
    • Re: Kmail: What happened to bounce?
      ... Some tome back the very handy bounce function disappeared. ... spammers often use pirated email-addresses from innocent people who will be ... case you would not reach the spammers, ... Challenge/Response-type spam filters, such as Apache's BoxTrapper, suffer ...
      (comp.windows.x.kde)
    • Re: Kmail: What happened to bounce?
      ... Some tome back the very handy bounce function disappeared. ... spammers often use pirated email-addresses from innocent people who will be ... case you would not reach the spammers, ...
      (comp.windows.x.kde)
    • Re: extracting email address out of message body
      ... your vba worked virtually flawlessly. ... as the majority of bounce ... instead of a separate bounce message per address in that domain. ... I am seeing that a lot of these bounces use some kind of character that ...
      (microsoft.public.access.queries)
    • Re: mailing list
      ... >of the last bounce message we've received from all addresses. ... All they can tell me is that the "standard spam filter" ... To UNSUBSCRIBE, email to debian-user-request@lists.debian.org ...
      (Debian-User)