[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Virus emails

Mike Hommey dijo [Tue, Sep 23, 2003 at 12:28:44AM +0200]:
> > > helps catching 95%... But the bandwidth is still used... I'm still
> > > looking for a pure MTA solution...
> >
> > A pure MTA solution would still need to scan the body and thus would still
> > eat your bandwidth.
> Maybe I'm wrong, but I think an MTA rejecting a mail because of oversized body 
> doesn't have to get the whole body before rejecting the mail. Based on this, 
> it should be possible to reject the mail before it gets fully transfered to 
> the server.

I don't think so - And if so, this could break many client MTAs.
According to the protocol definition [1], after the DATA command the
server will reply with a 354 code, which means 'Start mail input; end
with <CRLF>.<CRLF>'. The client might not be expecting anything until
the <CRLF>.<CRLF> has been sent. If you suddenly send a 5xx error code,
the client might never receive it. You may close the connection, but th
client might then retry - and consume your bandwith over and over.


[1] http://www.ietf.org/rfc/rfc0821.txt

Gunnar Wolf - gwolf@gwolf.cx - (+52-55)5630-9700 ext. 1366
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF

Reply to: