This has been a hotly debated topic on the Mailscanner list. The majority of folks on the list agree that *YOU* should stop sending the notices.
The errant emails are from virus that are well-known to use forged headers. If you insist on bouncing them anyway, then for sanity sake at least use some common sense: MailScanner provides a list of virus types that should simply be dropped silently (since the header is always forged). Looking at the list of these viruses you will see that over 99% of *current* email with viruses use forged headers. That being the case, your antiquated idea of bouncing back these messages is valid less than 1% of the time. Clearly you need to get a clue and start being responsible for the mail passing through your systems. There are enough clueless Windows admins out there to keep us all busy - we don't need to add any Linux admins to their ranks. Jon Carnes On Fri, 2004-04-09 at 19:02, Joshua Gitlin wrote: > Hey TriLUG, > > I received a message today from the network admin of USFamily.net. They > appear to be a small ISP in Minnesota that resells XO Communications' > dial up accounts and Qwest's DSL accounts. This guy complained that my > server was sending him "unnecessary and irresponsible bounce messages". > > Now, the "unnecessary and irresponsible bounce messages" in question > are bounces of messages containing potential virus attachments (*.pif, > *.exe, *.scr, etc). I have these defined (like everyone else) in > /etc/antivirus.exim. He is complaining the the user(s) with viruses > aren't his users, and that the virus is forging the From: address, so > his users are getting bounce messages from me that they don't deserve, > and this is causing him to have to do more work. (I guess he didn't > read his job description) > > He doesn't seem to care that bounce messages like these are standard > practice and therefore has blocked my server from sending him emails > entirely. > > My questions are: > > 1. Should I care? is it worth my time to resolve this problem to > appease one lazy sysadmin? I do have a few clients with online stores > on my server that need to send emails to their customers. I don't want > to prevent my customer's customer from getting their online order > invoices, etc. > > 2. Is there any way, with Exim, to block messages with attachments like > these while the SMTP session is still open, so that bounce messages > never need to be sent? > > 3. If #2 is not possible, can I just stop sending him bounce messages? > How would I do that in Exim? > > Thanks guys! > > -Josh > > ----------- > Due to the recent increase in spam and falsely sent email, I now PGP > Sign all of my outgoing mail to prove my identity. This means that you > will see an attachment called "PGP.sig" with this message. This > attachment can be used to prove that I am who I say I am. If you are > not familiar with PGP, you can safely ignore it. For more information, > please visit http://www.pgp.com/ or http://www.gnupg.org/ > > > > > ______________________________________________________________________ > > -- > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug > TriLUG Organizational FAQ : http://trilug.org/faq/ > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ > TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
