Re: OT: Viruses on lists

To: debian-user@lists.debian.org
Subject: Re: OT: Viruses on lists
From: Paul Johnson <baloo@ursine.ca>
Date: Mon, 10 May 2004 22:28:54 -0700
Message-id: <[🔎] 87ekprzg4p.fsf@ursine.ca>
In-reply-to: <[🔎] 20040510202241.GA11871@bigdaddy> (Jonathan Matthews's message of "Mon, 10 May 2004 21:22:41 +0100")
References: <[🔎] 20040509085945.GB6999@bigdaddy> <[🔎] 20040510180643.GB22795@dman13.dyndns.org> <[🔎] 87pt9cku4s.fsf@ursine.ca> <[🔎] 20040510202241.GA11871@bigdaddy>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jonathan Matthews <spam@jaycee.uklinux.net> writes:

>> > My choice is to simply drop viruses.  I don't expect to have any legit
>> > messages falsely identified as viral, and dropping the message simply
>> > removes waste from the network bandwidth and disk storage of the
>> > world.  I see no need to push the bounce back at someone else,
>> > particularly since the offender is rarely the one punished in that
>> > case.
>
> Drop /after/ accepting?  Would that not mark you (in the virus' eyes, 
> anyway) as a potential target?

The virus doesn't give a flying fsck if no MTA answers, if it gets a
4xx or 5xx error, if I accept it, or the MTA responds that they're
being redirected to Abu Gharib.  They'll keep trying repeatedly no
matter what.

> What with viruses having their own builtin SMTP engines these days
> and hence knowing for sure what response was given to the SMTP
> session, is that not potentially inviting future, smarter viruses
> (with memories for this sort of thing) to hit you first?

If they're smart, no, because they're getting a 5xx error...

>> Which is why I reject at SMTP.  Doesn't push a bounce back to forged
>> addresses.
>
> I should have said - I've followed Paul's instructions on ursine.ca to 
> set this up, and am consequently rejecting at SMTP time.

Woohoo!

> I'm unsure as to the difference between accepting a mail and
> bouncing later and rejecting at SMTP time as far as murphy is
> concerned.  (I'm fine with the general difference for normal mail.)

It hasn't caused me problems.

> Can anyone venture an opinion?  Do both bounces (is it correct to
> call a 5xx reject a "bounce"?)

No, a bounce is when you're getting an automated answer or get
forwarded elsewhere without human intervention.  A 5xx SMTP response
is more properly called a reject.

- -- 
Paul Johnson
<baloo@ursine.ca>
Linux.  You can find a worse OS, but it costs more.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAoGSZUzgNqloQMwcRAlqCAKDRaAZfCBossh0gmlLNssEDLD7dogCgnmxf
IC5fyiIQ/U8LW/iijXoQFVI=
=u5ee
-----END PGP SIGNATURE-----

Reply to:

References:
- OT: Viruses on lists
  - From: Jonathan Matthews <spam@jaycee.uklinux.net>
- Re: OT: Viruses on lists
  - From: "Derrick 'dman' Hudson" <dman@dman13.dyndns.org>
- Re: OT: Viruses on lists
  - From: Paul Johnson <baloo@ursine.ca>
- Re: OT: Viruses on lists
  - From: Jonathan Matthews <spam@jaycee.uklinux.net>

Prev by Date: Re: OT: Viruses on lists
Next by Date: Re: 2.6.5 -- I broke the internet
Previous by thread: Re: OT: Viruses on lists
Next by thread: Re: OT: Viruses on lists
Index(es):
- Date
- Thread