
Re: OT: Viruses on lists



On Mon, May 10, 2004 at 09:22:41PM +0100, Jonathan Matthews wrote:
> Paul Johnson had the gall to say:
> > "Derrick 'dman' Hudson" <dman@dman13.dyndns.org> writes:
> [snip]
> > > Almost.  murphy generates a bounce and sends it to the list manager
> > > (mailman, majordomo, ezmlm, etc. - I don't know what one murphy is
> > > running).  The list manager then counts that against you in its
> > > determination of which addresses are invalid and need to be removed
> > > from the list.
> > 
> > It takes quite a few bounces before you get removed, though.
> 
> Does anyone know a definitive figure or rate here?

80% of messages sent by the list bouncing in a rolling 24 hour window,
calculated at 45 past the hour, every hour.

> > > My choice is to simply drop viruses.  I don't expect to have any legit
> > > messages falsely identified as viral, and dropping the message simply
> > > removes waste from the network bandwidth and disk storage of the
> > > world.  I see no need to push the bounce back at someone else,
> > > particularly since the offender is rarely the one punished in that
> > > case.
> 
> Drop /after/ accepting?  Would that not mark you (in the virus' eyes, 
> anyway) as a potential target?  What with viruses having their own 
> builtin SMTP engines these days and hence knowing for sure what response 
> was given to the SMTP session, is that not potentially inviting future, 
> smarter viruses (with memories for this sort of thing) to hit you first?

I really can't see that being an issue.

> > Which is why I reject at SMTP.  Doesn't push a bounce back to forged
> > addresses.
> 
> I should have said - I've followed Paul's instructions on ursine.ca to 
> set this up, and am consequently rejecting at SMTP time.
> 
> I'm unsure as to the difference between accepting a mail and bouncing 
> later and rejecting at SMTP time as far as murphy is concerned.  (I'm 
> fine with the general difference for normal mail.)  Can anyone venture 
> an opinion?  Do both bounces (is it correct to call a 5xx reject a 
> "bounce"?) count similarly negatively when working out who shouldn't be 
> on the list anymore?  Should I stop asking questions (sort of like this 
> one?) inside other questions?

They'll both count the same. The only ones that don't count are `soft'
bounces, i.e. stuff that matches:

* 1^0 ^Subject: WARNING: message delayed
* 1^0 ^Subject: Delivery Notification: Delivery has been delayed
* 1^0 ^Subject: Message status - opened
* 1^0 ^Subject: (Returned mail: )?warning: c(an|ould )not send m(essage fo|ail afte)r
* 1^0 ^Subject: Undeliverable (RFC822 )?mail: temporarily unable to deliver
* 1^0 ^Subject: \*\*\* WARNING - Undelivered mail in mailqueue
# Soft bounce from Courier Mail Server
* 1^0 ^Subject: WARNING: delayed mail.
# Soft bounce from Postfix
* 1^0 ^Subject: Delayed Mail
# Soft bounce from MDaemon?
* 1^0 ^Subject: Transient Delivery Failure

Matching the actual codes is non-trivial, as every MTA uses a different
syntax for giving us the result; this is an alright approximation in terms
of matching temporary bounces...

Finally, yes, you should stop asking questions inside other questions, as
you will otherwise find that people will only answer the questions you
don't want answered, while ignoring the important ones you did want
answered.

> Answers on a postcard, please ...

heh ;-)


	Cheers,

Pasc

Please CC me on replies, I'm not subscribed to this list.
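
Added example, not part of the original message and not the list server's own code: a Python sketch that applies the soft-bounce Subject conditions quoted above and then evaluates the 80% rolling 24-hour rule. The function names, the sample headers, and the reading of the rule as "hard bounces divided by messages sent in the window, threshold inclusive" are assumptions.

```python
import re
from datetime import datetime, timedelta

# Subject conditions copied from the message above. procmail matches
# case-insensitively by default, hence re.IGNORECASE.
SOFT_PATTERNS = [
    r"^Subject: WARNING: message delayed",
    r"^Subject: Delivery Notification: Delivery has been delayed",
    r"^Subject: Message status - opened",
    r"^Subject: (Returned mail: )?warning: c(an|ould )not send m(essage fo|ail afte)r",
    r"^Subject: Undeliverable (RFC822 )?mail: temporarily unable to deliver",
    r"^Subject: \*\*\* WARNING - Undelivered mail in mailqueue",
    r"^Subject: WARNING: delayed mail.",
    r"^Subject: Delayed Mail",
    r"^Subject: Transient Delivery Failure",
]
SOFT_RE = re.compile("|".join(f"(?:{p})" for p in SOFT_PATTERNS),
                     re.IGNORECASE | re.MULTILINE)

def is_soft_bounce(headers):
    """True if any header line matches one of the soft-bounce subjects."""
    return SOFT_RE.search(headers) is not None

def over_threshold(sent_times, bounces, now, pct=80, hours=24):
    """Assumed rule: hard bounces / messages sent, both within the window."""
    start = now - timedelta(hours=hours)
    sent = sum(1 for t in sent_times if start < t <= now)
    hard = sum(1 for t, hdrs in bounces
               if start < t <= now and not is_soft_bounce(hdrs))
    # Integer comparison avoids float rounding at exactly 80%.
    return sent > 0 and hard * 100 >= sent * pct

# Constructed sample data: ten list messages, one per hour, before 21:45.
NOW = datetime(2004, 5, 10, 21, 45)
SENT = [NOW - timedelta(hours=h, minutes=5) for h in range(10)]
HARD = "From: MAILER-DAEMON\nSubject: Undelivered Mail Returned to Sender\n"
SOFT = ("From: MAILER-DAEMON\n"
        "Subject: Returned mail: warning: could not send mail after 4 hours\n")

if __name__ == "__main__":
    all_hard = [(t, HARD) for t in SENT[:8]]
    mixed = [(t, HARD) for t in SENT[:7]] + [(SENT[7], SOFT)]
    print(over_threshold(SENT, all_hard, NOW))  # 8 of 10 hard bounces
    print(over_threshold(SENT, mixed, NOW))     # 7 hard, 1 soft
```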


