Kelson wrote:
[EMAIL PROTECTED] wrote:

My address would have to be forged by a virus that uses a relay, and most of the current viruses are direct to MX with their own SMTP engines. In these cases this is moot. The message just dies with 550.


Expect this to change as more ISPs start filtering outgoing SMTP connections. All a virus (or spam zombie) has to do is extract the settings from the user's mail config and send via the ISP's relay.

Depending on how the app stores the password, it may even be possible to use SMTP AUTH.


One of the reasons I use 550 rejects for viruses is that I also scan outgoing mail... so if by some chance one of my users gets infected with a virus (regardless of the fact that we have desktop antivirus software installed on all our machines as well as ClamAV on the MX server) and it tries to send out using our mail gateway, the mail gateway will reject that mail with a 550 and throw an error back to the client machine.

If the virus is in an attachment that they're legitimately trying to send, they'll get an error message and then they'll undoubtedly come crying to the helpdesk, which will then kick them and tell them to run the latest antivirus software/signatures.

If we just dumped viruses into /dev/null, the user would assume their mail was sent and just "never got to the recipient" ... considering that a lot of our business is conducted via email (internationally) and can often be time sensitive... by the time we figured out that the intended recipient never received the mail (at this point probably x times), and why, it may be too late.

There are pros and cons to both solutions. Choosing the solution in which the pros outweigh the cons for your situation is the important part.

alan

_______________________________________________
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list
[email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
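
The difference described above between a 550 reject and a silent discard, as seen by the sending client; this is an added example, not part of the original thread and not MIMEDefang code. The toy gateway, the marker string standing in for a scanner hit, and all hostnames and addresses are constructed.

```python
import smtplib, socketserver, threading

# Constructed stand-in for a scanner hit; a real gateway would call its scanner here.
MARKER = b"X-CONSTRUCTED-VIRUS-MARKER"
CLEAN = "Subject: quote\r\n\r\nplain text\r\n"
INFECTED = "Subject: invoice\r\n\r\n" + MARKER.decode() + "\r\n"

def make_handler(policy, delivered):
    class Handler(socketserver.StreamRequestHandler):
        def handle(self):
            self.wfile.write(b"220 gw.example ESMTP\r\n")
            while (line := self.rfile.readline()):
                verb = line.strip().upper()
                if verb == b"DATA":
                    self.wfile.write(b"354 go ahead\r\n")
                    body = b""
                    while (chunk := self.rfile.readline()) not in (b".\r\n", b""):
                        body += chunk
                    infected = MARKER in body
                    if infected and policy == "reject":
                        # Refuse at end of DATA: the sender learns immediately.
                        self.wfile.write(b"550 5.7.1 virus found, message rejected\r\n")
                        continue
                    if not infected:
                        delivered.append(body)
                    # "discard" policy: claim success, then drop infected mail.
                    self.wfile.write(b"250 2.0.0 queued\r\n")
                elif verb == b"QUIT":
                    self.wfile.write(b"221 bye\r\n")
                    return
                else:  # EHLO, MAIL FROM, RCPT TO, RSET
                    self.wfile.write(b"250 ok\r\n")
    return Handler

def send_through(policy, message):
    """Return (what the sending client saw, messages actually delivered)."""
    delivered = []
    with socketserver.TCPServer(("127.0.0.1", 0), make_handler(policy, delivered)) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            with smtplib.SMTP("127.0.0.1", srv.server_address[1],
                              local_hostname="client.example", timeout=5) as c:
                c.sendmail("user@example.com", ["rcpt@example.net"], message)
            seen = "accepted"
        except smtplib.SMTPDataError as e:
            seen = f"error {e.smtp_code}"
        finally:
            srv.shutdown()
        return seen, len(delivered)
```

With the "discard" policy the client sees the same result for an infected message as for a clean one, while nothing is delivered; with "reject" the failure surfaces on the sending machine.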
