
Re: virus scanning



On Sun, 15 Feb 2004 07:05, "Julian Mehnle" <lists@mehnle.net> wrote:
> Russell Coker wrote:
> > > > However sending 550 codes is ideal for mail that goes direct.
> > >
> > > How do you define "direct"?
> >
> > TCP connection from viral infected machine to destination mail server
> > without any redirection along the way.
>
> By that definition (which is of course as good as any), a receiving mail
> server cannot reliably determine (if at all) whether an incoming connection
> is a "direct" one, can it?  Except of course by white-listing every single
> known-good mail server (hint SPF).

When mail from your favourite forwarding domain (such as @debian.org) comes in 
it's not direct, so you can configure your mail server with special case 
config options for the IP address of the Debian mail server.  For all other 
messages you assume that the mail is direct.

There is no reason for someone to set up a /etc/aliases forwarding system 
pointing to you without your knowledge and/or consent.  You should know the 
IP address of every machine that will forward mail to you in such a manner.

The only problem with such configuration is if you have an account at an ISP 
(they won't be prepared to adjust their configuration for an individual 
user).  In that case the ISP should send the virus to /dev/null to avoid 
problems.  For an ISP to reject spam at the SMTP level is OK even though it 
will occasionally give a bounce to an innocent third party.  This is because 
the more 550's you send in response to SPAM, the less SPAM will be sent to 
you.  Sending a 550 in response to a virus has no effect on the number of 
viral messages you receive.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
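
The policy described in the message above, sketched as an added example that is not part of the original post or of any mail server's own code. The forwarder list, the function names and the choice to accept-and-discard for known forwarders are assumptions made for illustration; the addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample: hosts you have arranged to forward mail to you
# (for example an /etc/aliases forwarder). Documentation ranges only.
KNOWN_FORWARDERS = [
    ipaddress.ip_network(n) for n in ("192.0.2.10/32", "2001:db8:25::/48")
]


def is_known_forwarder(client_ip, forwarders=KNOWN_FORWARDERS):
    """True if the connecting SMTP client is a forwarder you know about."""
    addr = ipaddress.ip_address(client_ip)
    # A dual-stack listener may report IPv4 peers as ::ffff:a.b.c.d.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr.version == net.version and addr in net for net in forwarders)


def virus_action(client_ip, virus_found, isp_hosted=False):
    """Return (smtp_reply_code, action) for a message after virus scanning.

    isp_hosted models the ISP case from the message: no per-user forwarder
    list can be kept, so infected mail is accepted and dropped.
    """
    if not virus_found:
        return (250, "deliver")
    if isp_hosted or is_known_forwarder(client_ip):
        # The peer is (or may be) a relay: a 550 here would make that relay
        # generate a bounce, and the envelope sender of viral mail is
        # usually not the real origin. Accept and drop instead.
        return (250, "discard")
    # Everything else is assumed to be a direct connection from the
    # infected machine, so the rejection generates no third-party bounce.
    return (550, "reject")


if __name__ == "__main__":
    for ip in ("192.0.2.10", "::ffff:192.0.2.10", "198.51.100.7"):
        print(ip, virus_action(ip, virus_found=True))
```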


