Re: Virus emails
Mike Hommey dijo [Tue, Sep 23, 2003 at 12:28:44AM +0200]:
> > > helps catching 95%... But the bandwidth is still used... I'm still
> > > looking for a pure MTA solution...
> > A pure MTA solution would still need to scan the body and thus would still
> > eat your bandwidth.
> Maybe I'm wrong, but I think an MTA rejecting a mail because of oversized body
> doesn't have to get the whole body before rejecting the mail. Based on this,
> it should be possible to reject the mail before it gets fully transfered to
> the server.
I don't think so - And if so, this could break many client MTAs.
According to the protocol definition , after the DATA command the
server will reply with a 354 code, which means 'Start mail input; end
with <CRLF>.<CRLF>'. The client might not be expecting anything until
the <CRLF>.<CRLF> has been sent. If you suddenly send a 5xx error code,
the client might never receive it. You may close the connection, but th
client might then retry - and consume your bandwith over and over.
Gunnar Wolf - email@example.com - (+52-55)5630-9700 ext. 1366
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF