On 2016-11-28 15:34, Patrick Ben Koetter wrote:
* MRob <[email protected]>:
Patrick,
Really appreciate your help, especially if Mark's not around here any
more.
> > - Are there best practices advice about sender notifications?
>
> Don't notify senders for
>
> - spam
> - viruses
> - unchecked
>
> as the envelope sender is usually forged. You'd end up barking up the
> wrong
> tree and the server might get listed as backscatter server.
>
> Notify senders for:
>
> - banned files
>
> > - Looks like default is to have notifications ("warnings?") enabled
> > for
> > attachments with banned file extensions. Doesn't this risk backscatter
> > problems when sender address is forged?
>
> Yes.
Given that you advised sending banned notifications to senders, you
consider
the backscatter potential an acceptable risk for keeping that turned
on?
It's a calculated risk that tries to balance useful information against
getting on innocent peoples nerves. I am not aware of facts (numbers)
that
make this an easy decision. Personally I use notifications for banned
files.
I understand, but you contradicted yourself when you said:
Does disabling $warn_offsite prevent ALL non-local notifications
(based on
$mynetworks?)? Should I set it to undef to disable?
I wouldn't use warn_offsite, because it opens the door to backscatter.
I'd
leave it at its default, effectively disabling offsite warnings.
I'm trying to understand your particular opinion clearly. Are you saying
that you do send banned file notifications, but only to internal
senders?
As for the rest, I'm tempted to walk through the code by hand since
playing with the configuration has gotten me nowhere and seems more time
consuming. I will reply further and appreciate your guidance.
Since it appears the notification text for banned files is called
"notify_virus_sender_templ" (am I correct?), I guess it is dual-use and
will have some variables that change depending if it is a virus
situation or a banned file situation?
