rick pim wrote:
> 
> On Fri, 8 Aug 2008, Charles Gregory wrote:
>> Well, first of all, yes it IS. It's *everyone's* problem. That forged
>> address could be on *your* server, and *you* get the backscatter from some
>> other victim system that also "doesn't care what the ISP does with it"...
> 
> what he said: we have two accounts/addresses that get, between them,
> about 200,000 bounces a day; this has been going on for something more
> than 8 months.

If the bulk of those is coming from infected PCs there is no harm in 
rejecting them with a 5xx - the PC is going to ignore that anyway - it 
is certainly not going to bounce the message back to the "sender". If it 
is coming from a legitimate system it would be useful to provide 
feedback to that system's operator that they are handling dirty mail. In 
that case a 5xx error is appropriate. If they then bounce the message to 
some unsuspecting victim then they will get additional feedback. I don't 
see where dropping those messages is helpful but do see all manner of 
advantages of rejecting with 5xx. My 5xx rejects, which are in the 
thousands, are 10 to one generated by DNSBL or dictionary attempts (user 
unknown), not ClamAV hits.

> 
> (that said, there's something to be said for bouncing mail: one of our 
> vendors is occasionally silently blocking my email to them. clearly
> SOMETHING about my messages is triggering their spam filters. it sure
> would be nice if i got the bounces for those....)


Can't have it both ways - although you could ask to be whitelisted. I do 
that for all our regular customers and contacts, and also whitelist any 
mail lists our users are on. I'm very happy to expect connecting systems 
to be well run or to suffer the consequences. In fact I feel that way 
about my systems. If I make a mistake I expect to pay for it.

dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
