Re: Bug#155576: To hack or not to hack

To: debian-devel@lists.debian.org
Subject: Re: Bug#155576: To hack or not to hack
From: Brian May <bam@debian.org>
Date: Mon, 12 Aug 2002 16:06:46 +1000
Message-id: <[🔎] 20020812060646.GL2149@snoopy.apana.org.au>
Mail-followup-to: Brian May <bam@debian.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 20020811013550.GB21393@alcor.net>
References: <[🔎] 20020807002425.GE11117@snoopy.apana.org.au> <[🔎] 20020807003015.GE17190@alcor.net> <[🔎] 20020807225841.GC30103@snoopy.apana.org.au> <[🔎] 20020807233432.GA11756@alcor.net> <[🔎] 20020807235332.GI30103@snoopy.apana.org.au> <[🔎] 20020808031911.GA11616@Bream> <[🔎] 20020811013550.GB21393@alcor.net>

On Sat, Aug 10, 2002 at 09:35:50PM -0400, Matt Zimmerman wrote:
> On Wed, Aug 07, 2002 at 08:19:11PM -0700, Nicolas Lopez wrote:
> 
> >   The major one I remember is the better error handling. Most MTAs arn't as
> > careful or watchful of stuff thrown to a pipe. Where using SMTP allows for
> > well-tested error handling, on top of rejecting messages with reason. 
> > "550 Spam, bugger off" looks better in a log than just having it disapear
> > into the scanner. Or "550 Virus: Klez.H, shoo"
> 
> Most of the junk that I'm rejecting doesn't seem to have a valid origin
> anyway, so at best, the bounce messages are likely to end up in some
> postmaster's mailbox anyway.  Spam is marked, and viruses are quarantined
> with a note sent to the recipient.  That way, each user is responsible for
> their own garbage.

I think it isn't so much the bounce message that Nicolas is talking
about (in fact I disabled all bounce messages; my users seem to have
found every mailing list on earth that generates mail that looks like
SPAM :-(, so I don't want them to get automatically kicked off; Also,
my outbound queue was rapidly filling up with bounce messages that
could not be sent).

However, the real benifit is the extra information in the log file:

eg:

Instead of just:

Aug 12 15:38:14 snoopy amavis[3200]: infected (Worm/Klez.H), from=<kumarorganic@vsnl.net>, to=<xyz@snoopy.apana.org.au>, quarantine virus-20020812-153814-03200

You also get this:

Aug 12 15:38:15 snoopy postfix/smtp[4184]: C3A7B28B06: to=<xyz@snoopy.apana.org.au>, relay=127.0.0.1[127.0.0.1], delay=58, status=sent (250 Ok, discarded, id=03200-09 - VIRUS: Worm/Klez.H)

Which logs C3A7B28B06 and allows you to track back to when
the mail was first received, and who it was received from, etc:

Aug 12 15:37:17 snoopy postfix/smtpd[4178]: C3A7B28B06: client=hydmail.tatanova.com[203.124.250.73]
Aug 12 15:37:38 snoopy postfix/cleanup[4179]: C3A7B28B06: message-id=<20020812053717.C3A7B28B06@snoopy.apana.org.au>
Aug 12 15:38:13 snoopy postfix/qmgr[1141]: C3A7B28B06: from=<kumarorganic@vsnl.net>, size=135908, nrcpt=1 (queue active)

Maybe this won't be used in practice (and you probably can
look at the Received header of the quarintined SPAM), but still,
I like the fact that this information is logged.
-- 
Brian May <bam@debian.org>

Reply to:

References:
- To hack or not to hack
  - From: Brian May <bam@debian.org>
- Re: To hack or not to hack
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Bug#155576: To hack or not to hack
  - From: Brian May <bam@debian.org>
- Re: Bug#155576: To hack or not to hack
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Bug#155576: To hack or not to hack
  - From: Brian May <bam@debian.org>
- Re: Bug#155576: To hack or not to hack
  - From: Nicolas Lopez <i.am@the.glowingmonkey.org>
- Re: Bug#155576: To hack or not to hack
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Re: Bug#156257: ITP: libpam-ssh -- <Roderick> I didn't write it, I'm just working on it. It authenticates you by u
Next by Date: Re: Bug#156257: ITP: libpam-ssh -- SSH key authentication and single sign-on via PAM
Previous by thread: Re: Bug#155576: To hack or not to hack
Next by thread: Re: Bug#155576: To hack or not to hack
Index(es):
- Date
- Thread