On Sat, 2004-04-10 at 23:51, Tanner Lovelace wrote: > Rejecting with the appropriate mail code will not cause any bounces if > the e-mail is being sent by the viruses own engine. If it comes from > a regular mail server, then that mail server is misconfigured and shouldn't > be accepting virus e-mail anyway. If the mail admin is looking at his > logs, s/he will see the rejects and hopefully notice that their server > is misconfigred. The mail server doing the rejecting isn't sending any > e-mails, it's just saying it won't accept the e-mail. Silently discarding > the e-mail, besides being in violation of the SMTP spec, isn't a good > solution because in case it is a valid message, there's no way for the > sender or the recepient to realize that it was dropped. That is unacceptable, > especially if it's an ISP doing the dropping.
Ah, true, missed thought that. You would be rejecting before you even fully accepted the email transfer (during the SMTP connection from the relaying mail server or the virus itself if it ran it's own SMTP). The reason I misunderstood that was I usually think of virus scanners working on the email after it has been accepted from the SMTP connection. You setup would work, but might take some serious processing power and time slices on the SMTP side since you would have to partially accept the connection, scan the majority of the email before it's been completely transfered, then reject it at the end. When I was talking about silently dropping it, I was talking about after it has been accepted by the SMTP server (thus not violating the SMTP spec, I believe) but before delivery to the users email folder. And you are also right, ISP should not do this dropping with out explicit permission from the user (though private companies should be able to do it if they want, it's their email). Also I am still definitely against the whole sending notices back to the email sender if you server virus scanner sees a virus. More often than not the sender listed is not the infected person, and just causes confusion and more junk email. -- David A. Cafaro <dac(at)cafaro.net> Sys Admin to User: "You did what?!?" -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
