Re: virus scanning

To: "Julian Mehnle" <lists@mehnle.net>, debian-devel@lists.debian.org
Subject: Re: virus scanning
From: Russell Coker <russell@coker.com.au>
Date: Sun, 15 Feb 2004 02:38:57 +1100
Message-id: <[🔎] 200402150238.57812.russell@coker.com.au>
Reply-to: russell@coker.com.au
In-reply-to: <[🔎] EHEOIEJMBFBKCKMPHFJKEEGAFCAA.lists@mehnle.net>
References: <[🔎] EHEOIEJMBFBKCKMPHFJKEEGAFCAA.lists@mehnle.net>

On Sun, 15 Feb 2004 01:09, "Julian Mehnle" <lists@mehnle.net> wrote:
> > I'm getting virus bounces when master tries to send mail on to
> > developers who have their machines configured to reject such messages,
> > I've just got two from messages to Vincent.
>
> Although I'm not a DD, I'm subscribed to some Debian mailing lists as well,
> and my mail server rejects mails with virm as well, so I guess this applies
> to me, too.

Mailing lists already deal with this issue.  If a message that is sent by the 
list server is rejected by your mail server then it will not cause any 
inconvenience for anyone else.  You will be unsubscribed from the list if 
your mail server rejects enough list traffic, but that's not a problem.

The problem we have is for mail forwarding of the /etc/aliases nature.

> > In a general sense rejecting a virus with a code 550 is good, but in
> > the case of mail forwarders it just results in a bounce going to an
> > innocent third party.  While master lacks virus scanning the best thing
> > to do is to accept the message and send it to /dev/null so that no
> > bounces are generated.
> >
> > However sending 550 codes is ideal for mail that goes direct.
>
> How do you define "direct"?

TCP connection from viral infected machine to destination mail server without 
any redirection along the way.

> I agree that accepting and /dev/null'ing virii will prevent some
> misdirected bounces, but what does this have to do with whether such
> messages are delivered through master (or any other mailing list server)

Mail sent to master.debian.org (as opposed to lists.debian.org which serves a 
different purpose even though it's the same machine) is not list traffic but 
mail to be forwarded.

> vs. some other 3rd party mail server?  In either case you can't know
> whether the calling server will generate a concrete bounce message as a
> reaction to your 550 rejection.

If the "calling server" is the viral infected machine then it will not 
generate a bounce.  If the "calling server" is a mail relay for an ISP then 
the ISP needs to install a virus scanner and/or put the customer in question 
off-line.  Most ISPs are fairly good at removing infected customers and/or 
blocking viruses from customers, the ISPs that aren't good at this tend to be 
in DNSBL's anyway.  ;)

So having an ISP's mail relay send a bounce is a trivial problem.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

Follow-Ups:
- RE: virus scanning
  - From: "Julian Mehnle" <lists@mehnle.net>
- Re: virus scanning
  - From: Adam Heath <doogie@debian.org>

References:
- RE: virus scanning
  - From: "Julian Mehnle" <lists@mehnle.net>

Prev by Date: apt-get locking dpkg
Next by Date: Re: virus scanning
Previous by thread: RE: virus scanning
Next by thread: RE: virus scanning
Index(es):
- Date
- Thread