[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: Viruses on lists

Hash: SHA1

Jonathan Matthews <spam@jaycee.uklinux.net> writes:

>> > My choice is to simply drop viruses.  I don't expect to have any legit
>> > messages falsely identified as viral, and dropping the message simply
>> > removes waste from the network bandwidth and disk storage of the
>> > world.  I see no need to push the bounce back at someone else,
>> > particularly since the offender is rarely the one punished in that
>> > case.
> Drop /after/ accepting?  Would that not mark you (in the virus' eyes, 
> anyway) as a potential target?

The virus doesn't give a flying fsck if no MTA answers, if it gets a
4xx or 5xx error, if I accept it, or the MTA responds that they're
being redirected to Abu Gharib.  They'll keep trying repeatedly no
matter what.

> What with viruses having their own builtin SMTP engines these days
> and hence knowing for sure what response was given to the SMTP
> session, is that not potentially inviting future, smarter viruses
> (with memories for this sort of thing) to hit you first?

If they're smart, no, because they're getting a 5xx error...

>> Which is why I reject at SMTP.  Doesn't push a bounce back to forged
>> addresses.
> I should have said - I've followed Paul's instructions on ursine.ca to 
> set this up, and am consequently rejecting at SMTP time.


> I'm unsure as to the difference between accepting a mail and
> bouncing later and rejecting at SMTP time as far as murphy is
> concerned.  (I'm fine with the general difference for normal mail.)

It hasn't caused me problems.

> Can anyone venture an opinion?  Do both bounces (is it correct to
> call a 5xx reject a "bounce"?)

No, a bounce is when you're getting an automated answer or get
forwarded elsewhere without human intervention.  A 5xx SMTP response
is more properly called a reject.

- -- 
Paul Johnson
Linux.  You can find a worse OS, but it costs more.
Version: GnuPG v1.2.4 (GNU/Linux)


Reply to: