Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

[Luca Berra]

Giuseppe Ghib� wrote:
For the spoofed viruses a map can be set up to not warn at all:


Yes, but the sending user of the LAN won't know he has taken a virus...
if the virus is a spoofing virus you have no way of identifying the 
sender mail address, unless you force the sender to authenticate before 
sending a message.

$viruses_that_fake_sender_re = new_RE(
  qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|palyh|inor|fizzer'i );


I don't understand. IMHO there is no need to warn the sender if 
external, as the
sending address can be always forged (and maybe this also would
unveil attacker your kind of virus scanner and maybe whether it's
not updated or not able to maybe recognize a certain virus). IMHO the 
this is used also to alter virus report, the user gets a report stating 
she received a virus from an unknown source, vs. a real mail address.

needing
could be to warn the sending user only if it's in the locale
address and he is sending trough the MTA. But there is no way to know
the REAL address without a MAP of mail<=>IP? suppose there are two 
users: "foo"
and "bar" at mydomain.com: "foo" has virus and send it trough the postfix
SMTP of "mydomain.com" as if mail was appearing "From:<[EMAIL PROTECTED]>".
Now if I understand right, you are saying that amavis-new understands that
<[EMAIL PROTECTED]> is a FAKE address and then doesn't send any bounced 
"warning"
message. What I'm asking here is: "what to do if I want that 
<[EMAIL PROTECTED]>
will receive a mail from the SMTP that he was trying to sending a VIRUS 
mail with
address <[EMAIL PROTECTED]>.
see above for smtp auth