Re: Linux bandwidth monitoring

From: Henry Stilmack (hps_at_shangri-la.cx)
Date: 07/22/05 

Date: Fri, 22 Jul 2005 09:46:43 +0200

The muse whacked Jenda Mudron over the head on 22 Jul 2005 and caused
hir to enscribe <dbq47b$kkc$1@domitilla.aioe.org>:
> Thank You for the reply.
>
> I have spamassassin running on my mail server, but what happens is I
> have a procmail rule that blocks out attachments for eg: zip files.
>
> then what it does is sends out a autoreply to the sender stating he
> sent a zip file and it is not allowed. But viruses come onto the
> server with forged headers and the server sends the autoreply to
> somebody that did not send the e-mail.
>
> Any other suggestions ?
>
>
For this very reason, sending auto-replies is a Bad Thing. Virus and
spam checkers should just reject the Email with an error message that
indicates to the sender why it was rejected. If you have users who
routinely need to get .zip attachments, their corespondents should be
whitelisted.

If you are not running spamassassin until after the SMTP transaction
has completed, you should just drop the message into a spam folder and
notify the recipient so s/he can (a) manually check the attachment
and/or (b) notify the sender if it is legit.

Every time a new virus that fakes From: headers comes out, I get
hundreds of bogus "we rejected your message" autoreplies from clueless
mail servers. It is really irritating. 

-- 
Henry Stilmack, CISSP
Email to hps (at) shangri-la (dot) cx
Registered Linux User #324965

Relevant Pages

  • RE: SPF record confusion
    ... associated with a different set of message headers from which the PRA ... the sender CLAIMS to be. ... a receiving mail server that relies on determining the PRA from the address ... command is defined in RCF8281 along with other SMTP commands like EHLO, ...
    (microsoft.public.windows.server.sbs)
  • Re: Outlook Express Undeliverable
    ... If your client is not getting an NDR message back from ... his mail server (which means his sending mail server got rejected during the ... Maybe you have server-side spam filtering enabled and his mails ... sender is infected so his mails could also be infected. ...
    (microsoft.public.internet.mail)
  • Re: hotmail password request tool (intranet usage)
    ... that some email viruses started sending themselves as passworded files. ... I personally consider it bad practice for a mail server to alter the ... It also fails to inform the *sender* ... language has no way to express 'partial delivery'. ...
    (comp.security.firewalls)
  • Re: Return-Path not showing in OE Details
    ... this header is whatever the sender wants to specify in the MAIL command ... a null reverse-path is allowed under certain ... like when an mail server returns an NDR (non-deliverable ... lot of "SHOULD" which if forcibly changed to "MUST" (by the receiving ...
    (microsoft.public.internet.mail)
  • RE: Sendmail configuration problem? Some servers refusing to receive mail from me...
    ... They simply switched over to my new mail server and started using ... unless your MTA configuration is modifying the from address of the ... required for sender address" ...
    (RedHat)