
List:       james-user
Subject:    Re: AttachmentFileNameIs or Matcher in general param size limit?
From:       Serge Knystautas <sergek () lokitech ! com>
Date:       2004-05-24 16:09:40
Message-ID: 40B21E44.4040503 () lokitech ! com

Vincenzo Gianferrari Pini wrote:
> > Vincenzo Gianferrari Pini wrote:
> > 
> > > 2. If a virus is found the email is ghosted without a bounce for the
> > > reasons you said.
> > 
> > I've created a separate address to send bounces for messages like this 
> > (e.g., bounce-admin@lokitech.com instead of postmaster@lokitech.com). 
> > Also, I was thinking that these bounces in the first place could be put 
> > in a separate remote delivery spool that are retried fewer times.  Any 
> > ideas on how to make this easier to do are appreciated.
> 
> Why are you bouncing back? The only reason would be (as we all were doing
> in the past) to politely notify an innocent original sender that he is
> infected, but nowadays the sender address is almost always randomly fake,
> so I would be just adding traffic and confusion to the Internet. In fact
> some percentage of the infected messages received by my production server
> consists of bounces made by antivirus running on other MTAs, and many
> messages are similar bounces not infected because the bounce stripped the
> infected attachment.

Yes, although this was meant as a general bounce strategy so would 
include "invalid account" and other such bounce conditions.

> Moreover, many MTAs do not follow the rules when they receive a "NULL
> RETURN-PATH" (<>): so, suppose that you receive an infected message from
> fakeuser@realdomain.com; if you bounce back to him, you may in many cases
> receive a second bounce from postmaster@realdomain.com saying that
> fakeuser is unknown, adding confusion to confusion.

Right, that's why I use the bounce-admin@lokitech.com when sending <>, 
so then I can automatically bit-bucket anything to there.

> The current trend, as Noel said, is to ghost those infected emails,
> risking in a very few cases to not help someone that is infected :-(

Agreed, although I would really prefer to have throttling, so the first 
time an IP address or sending address does something, I notify them, and 
THEN stop giving them notices (and eventually just block them altogether).

-- 
Serge Knystautas
President
Lokitech >> software . strategy . design >> http://www.lokitech.com
p. 301.656.5501
e. sergek@lokitech.com
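
The throttling idea in the reply above (notify a source once, then stay silent, then block), as an added sketch that is not part of the original message and is not James mailet code. The class name, the `block_after` threshold and the quiet `window` are assumptions; the addresses in the comments are constructed samples.

```python
import time
from dataclasses import dataclass, field

NOTIFY, GHOST, BLOCK = "notify", "ghost", "block"


@dataclass
class NoticeThrottle:
    """Decide per rejected message: send one notice, drop silently, or block."""
    block_after: int = 5             # assumed: events from one source before blocking
    window: float = 24 * 3600.0      # assumed: counters reset after this quiet period (s)
    _seen: dict = field(default_factory=dict)   # (kind, value) -> (count, last_seen)

    def decide(self, ip, sender, now=None):
        now = time.time() if now is None else now
        # A null return-path (<>) marks a bounce; answering it creates bounce loops.
        if sender in ("", "<>"):
            return GHOST
        worst = 0
        # Track the connecting IP and the envelope sender separately, so a host
        # that forges a fresh random sender each time still gets only one notice.
        for key in (("ip", ip), ("from", sender.lower())):
            count, last = self._seen.get(key, (0, now))
            if now - last > self.window:
                count = 0            # source was quiet long enough: start over
            count += 1
            self._seen[key] = (count, now)
            worst = max(worst, count)
        if worst == 1:
            return NOTIFY            # first offence from both IP and address
        if worst >= self.block_after:
            return BLOCK             # repeat offender: refuse further mail
        return GHOST                 # already notified: discard without a bounce


if __name__ == "__main__":
    throttle = NoticeThrottle(block_after=3, window=100)
    # Constructed events: one IP sending with three different forged senders.
    for t, frm in enumerate(["a@example.com", "b@example.com", "c@example.com"]):
        print(frm, throttle.decide("192.0.2.1", frm, now=t))
```
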
