[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: Viruses on lists

On Mon, May 10, 2004 at 09:22:41PM +0100, Jonathan Matthews wrote:
| Paul Johnson had the gall to say:
| > "Derrick 'dman' Hudson" <dman@dman13.dyndns.org> writes:
| [snip]
| > > Almost.  murphy generates a bounce and sends it to the list manager
| > > (mailman, majordomo, ezmlm, etc. - I don't know what one murphy is
| > > running).  The list manager then counts that against you in its
| > > determination of which addresses are invalid and need to be removed
| > > from the list.
| > 
| > It takes quite a few bounces before you get removed, though.

True.  Whether or not you get booted depends on the signal-to-noise
ratio on the list for a given time period.  (Some MLMs use a flat-rate
cutoff and some are time- or quantity-based)

| Does anyone know a definitive figure or rate here?

Not offhand.  I do know that the list manager will, as a last-ditch
attempt, send you a notification that you are being removed from the

| > > My choice is to simply drop viruses.  I don't expect to have any legit
| > > messages falsely identified as viral, and dropping the message simply
| > > removes waste from the network bandwidth and disk storage of the
| > > world.  I see no need to push the bounce back at someone else,
| > > particularly since the offender is rarely the one punished in that
| > > case.
| Drop /after/ accepting?


| Would that not mark you (in the virus' eyes, 
| anyway) as a potential target?  What with viruses having their own 
| builtin SMTP engines these days and hence knowing for sure what response 
| was given to the SMTP session, is that not potentially inviting future, 
| smarter viruses (with memories for this sort of thing) to hit you first?

Hmm,  we'll see when the time comes :-).

| > Which is why I reject at SMTP.  Doesn't push a bounce back to forged
| > addresses.
| I should have said - I've followed Paul's instructions on ursine.ca to 
| set this up, and am consequently rejecting at SMTP time.
| I'm unsure as to the difference between accepting a mail and bouncing 
| later and rejecting at SMTP time as far as murphy is concerned.  (I'm 
| fine with the general difference for normal mail.)  Can anyone venture 
| an opinion?

The difference is network and processing overhead.

If you reject the message, then your machine never actually places it
on the queue and never has to process it later.  Similarly, murphy has
already opened a network connection to your machine and is told right
then-and-there that you won't take the message.

OTOH if you bounce after accepting the message, then your system has a
bounce on the queue which it must process later.  Your system must
open a network connection to murphy and give it a new message to
deliver to the MLM's bounce handler.

| Do both bounces

| (is it correct to call a 5xx reject a "bounce"?)

No.  A bounce is a new message, generated by a mail server, sent to
the (envelope) sender to inform them of a delivery failure.  A 5xx
reject is refusal on the part of the receiving mail server to get its
hands dirty.

| count similarly negatively when working out who shouldn't be on the
| list anymore?


| Should I stop asking questions (sort of like this one?) inside other
| questions?

Well, it does make in-line repsonses a little more difficult :-).

Note that I don't really care much whether you reject or discard
viruses.  Just be aware of the implications of each option and make a
choice.  Whatever you do, though, don't bounce or send "friendly"
alerts to addresses found anywhere near the message (header or
envelope).  It really is quite annoying to get "you sent me a virus"
messages when I have done nothing of the sort.


Yes, Java is so bulletproofed that to a C programmer it feels like being in a
straightjacket, but it's a really comfy and warm straightjacket, and the world
would be a safer place if everyone was straightjacketed most of the time.
                                                     -- Mark 'Kamikaze' Hughes
www: http://dman13.dyndns.org/~dman/            jabber: dman@dman13.dyndns.org

Attachment: signature.asc
Description: Digital signature

Reply to: