[TriLUG] Blocking Attachments in Exim/A really wack network admin

David A. Cafaro dac at trilug.org
Mon Apr 12 09:05:34 EDT 2004


On Sat, 2004-04-10 at 23:51, Tanner Lovelace wrote:
> Rejecting with the appropriate mail code will not cause any bounces if
> the e-mail is being sent by the virus's own engine.  If it comes from
> a regular mail server, then that mail server is misconfigured and shouldn't
> be accepting virus e-mail anyway.  If the mail admin is looking at his
> logs, s/he will see the rejects and hopefully notice that their server
> is misconfigured. The mail server doing the rejecting isn't sending any
> e-mails, it's just saying it won't accept the e-mail. Silently discarding
> the e-mail, besides being in violation of the SMTP spec, isn't a good
> solution because in case it is a valid message, there's no way for the
> sender or the recipient to realize that it was dropped.  That is unacceptable,
> especially if it's an ISP doing the dropping.

Ah, true, missed that thought.  You would be rejecting before you even
fully accepted the email transfer (during the SMTP connection from the
relaying mail server or the virus itself if it ran its own SMTP).  The
reason I misunderstood that was I usually think of virus scanners
working on the email after it has been accepted from the SMTP
connection.  Your setup would work, but might take some serious
processing power and time slices on the SMTP side since you would have
to partially accept the connection, scan the majority of the email
before it's been completely transferred, then reject it at the end.  When
I was talking about silently dropping it, I was talking about after it
has been accepted by the SMTP server (thus not violating the SMTP spec,
I believe) but before delivery to the user's email folder.  And you are
also right, ISPs should not do this dropping without explicit permission
from the user (though private companies should be able to do it if they
want, it's their email).  Also I am still definitely against the whole
sending notices back to the email sender if your server's virus scanner
sees a virus.  More often than not the sender listed is not the infected
person, and just causes confusion and more junk email.


-- 
David A. Cafaro <dac(at)cafaro.net>
Sys Admin to User: "You did what?!?"
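
The SMTP-time rejection discussed in this message, as an added example that is not part of the original post and is not Exim configuration: a Python sketch of the decision a server makes at the end of DATA, after buffering and scanning the message but before accepting it. The function names, the extension block list and the sample messages are assumptions constructed for the illustration.

```python
import email
from email import policy

# Assumed block list for the illustration; not taken from the thread.
BLOCKED_EXTENSIONS = {".exe", ".pif", ".scr", ".bat", ".com"}

def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return filenames of MIME parts whose extension is on the block list."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if name and any(name.lower().endswith(ext) for ext in BLOCKED_EXTENSIONS):
            hits.append(name)
    return hits

def end_of_data_reply(raw_message: bytes) -> str:
    """Decide the server's reply to the final "." of DATA.

    A 5xx here means the message was never accepted: the receiving server
    generates no bounce, and the connecting client (a relay or a virus's own
    SMTP engine) is left holding the failure. A 250 means the server has
    taken responsibility for the message.
    """
    hits = blocked_attachments(raw_message)
    if hits:
        return "550 5.7.1 Message rejected: blocked attachment " + ", ".join(hits)
    return "250 2.0.0 OK: message accepted"

# Constructed sample messages (not real traffic).
CLEAN = b"From: a@example.org\r\nTo: b@example.org\r\nSubject: hi\r\n\r\nhello\r\n"
INFECTED = (
    b"From: a@example.org\r\nTo: b@example.org\r\nSubject: doc\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="XX"\r\n\r\n'
    b"--XX\r\nContent-Type: text/plain\r\n\r\nsee attached\r\n"
    b"--XX\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="Invoice.PIF"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n"
    b"--XX--\r\n"
)

if __name__ == "__main__":
    for label, raw in (("clean", CLEAN), ("infected", INFECTED)):
        print(label, "->", end_of_data_reply(raw))
```

Matching on filename extension alone is the cheapest form of this check; the whole message still has to be received before the reply is sent, which is the processing cost on the SMTP side that the message mentions.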



