Re: virus scanning
On Sun, 15 Feb 2004 07:05, "Julian Mehnle" <email@example.com> wrote:
> Russell Coker wrote:
> > > > However sending 550 codes is ideal for mail that goes direct.
> > >
> > > How do you define "direct"?
> > TCP connection from viral infected machine to destination mail server
> > without any redirection along the way.
> By that definition (which is of course as good as any), a receiving mail
> server cannot reliably determine (if at all) whether an incoming connection
> is a "direct" one, can it? Except of course by white-listing every single
> known-good mail server (hint SPF).
When mail from your favourite forwarding domain (such as @debian.org) comes in
it's not direct, so you can configure your mail server with special case
config options for the IP address of the Debian mail server. For all other
messages you assume that the mail is direct.

There is no reason for someone to set up a /etc/aliases forwarding system
pointing to you without your knowledge and/or consent. You should know the
IP address of every machine that will forward mail to you in such a manner.

The only problem with such configuration is if you have an account at an ISP
(they won't be prepared to adjust their configuration for an individual
user). In that case the ISP should send the virus to /dev/null to avoid
problems. For an ISP to reject spam at the SMTP level is OK even though it
will occasionally give a bounce to an innocent third party. This is because
the more 550's you send in response to SPAM, the less SPAM will be sent to
you. Sending a 550 in response to a virus has no effect on the number of
viral messages you receive.
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
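
The policy argued in this message, written out as an added example (not code from the thread or from any poster's mail server). The names `KNOWN_FORWARDERS`, `is_direct` and `decide`, the sample addresses, and the choice to discard viruses relayed by a known forwarder are assumptions; the message only says such hosts get special-case configuration.

```python
import ipaddress
from enum import Enum

class Action(Enum):
    ACCEPT = "accept"
    REJECT_550 = "reject with 550 during the SMTP session"
    DISCARD = "accept, then drop (/dev/null)"

# Constructed sample: hosts that forward mail to us by arrangement.
# Documentation ranges (RFC 5737 / RFC 3849), not real forwarders.
KNOWN_FORWARDERS = [ipaddress.ip_network(n)
                    for n in ("192.0.2.25/32", "2001:db8:25::/48")]

def is_direct(client_ip, forwarders=KNOWN_FORWARDERS):
    """A connection is 'direct' unless it comes from a forwarder we know of."""
    addr = ipaddress.ip_address(client_ip)
    # A dual-stack listener may report IPv4 peers as ::ffff:a.b.c.d;
    # unwrap them so they still match the IPv4 entries.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    # Membership is False when address and network versions differ.
    return not any(addr in net for net in forwarders)

def decide(client_ip, verdict, per_user_config=True):
    """verdict is 'clean', 'spam' or 'virus' from the content scanner.

    per_user_config=False models the ISP case, where the forwarder list
    cannot be maintained for each individual user.
    """
    if verdict == "clean":
        return Action.ACCEPT
    if verdict == "spam":
        # Rejected at SMTP level even at an ISP, as the message argues.
        return Action.REJECT_550
    if verdict == "virus":
        if not per_user_config:
            return Action.DISCARD      # ISP: send the virus to /dev/null
        if is_direct(client_ip):
            return Action.REJECT_550   # 550 goes to the connecting machine
        # Assumption: a 550 here would make the forwarder generate a bounce,
        # so mail relayed by a known forwarder is dropped instead.
        return Action.DISCARD
    raise ValueError(f"unknown verdict: {verdict!r}")

if __name__ == "__main__":
    for ip, v in (("203.0.113.7", "virus"), ("192.0.2.25", "virus")):
        print(ip, v, "->", decide(ip, v).value)
```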