From: Edward Wildgoose (no email)
Date: Tue Oct 01 2002 - 03:59:47 EDT
We are getting all the issues out here, but still skirting what I see as the core issue.
Graham has suggested that you quietly "can" all mail which fails a virus scanner test and don't tell anyone, not even the postmaster (correct me if I misunderstand). However, many mail admins are going to consider this a bit too severe...
The heart of the debate is that for sure you can tell the recipient, but often they don't particularly want to see. However, if they are losing mail then they should be told about it (even if it is only a virus).
The suggestion on the table is that we solve all the debates by simply rejecting and never accepting in the first place. Because we have basically bounced the mail, then genuine senders should get told, hence mail is never lost. Recipient genuinely never loses mail because technically none ever arrived. The sender gets a notification and if it is in error can resend.
In the long term this could make it harder for viruses such as Klez to propagate. Klez has its own SMTP engine, so, assuming the user needs SMTP auth to send mail (increasingly common), it either has to hack the MUA to get the user name and password, or needs to try and deliver directly. Rejecting the direct connection from a Klez will hopefully raise the coding level on viruses and prevent false bounces because the connection is killed at source.
It seems an extremely safe change in behaviour bearing in mind how virus activity has evolved (IMO). Previous basis seems more suitable for viruses like "ethan" where it made sense for the sender to still accept the virus'd document occasionally.
Perhaps this kind of behaviour is also easier to code into legal documents as well. Perhaps it might even skirt the limits of what is "filtering" if you are completely rejecting the mail. (Arguably this is *slightly* different to accepting the mail and then withholding it from the user, or modifying it to remove the virus...?)
The only real point up for debate seems to be whether Klez will cause false bounces. Can Amavis deal with this...?
Ed W
-----Original Message-----
From: Ralf Hildebrandt [mailto:]
Sent: 01 October 2002 07:35
To:
Subject: Re: Should we "reject", ie 5xx virus's
On Tue, Oct 01, 2002 at 04:00:10AM +0100, Graham Hillstomer wrote:
> Virus warnings today should not be sent.
>
> 1) Senders are forged so you can cause more panic among non-infected users. Just use klez as an example.
We only send warnings to senders where the virus doesn't forge the sender.
> 2) You create useless emails since if they are not protected now given all the virus awareness they probably never will be.
But otherwise you would simply "swallow" the mail. That's unacceptable.
> 3) You create useless "we have protected you" warning to your users who take time to read each one :-)
Yup
--
Ralf Hildebrandt (on behalf of Referat V A)
Charite Campus Virchow-Klinikum Tel. +49 (0)30-450 570-155
Referat V A - Kommunikationsnetze - Fax. +49 (0)30-450 570-916
Why you can't find your system administrators: been convicted of computer crimes (vague reference to randal schwartz)
-
To unsubscribe, send mail to with content (not subject): unsubscribe postfix-users
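The three policies debated in this thread (silent discard, accept then bounce, reject with 5xx during the SMTP session), as an added example that is not part of the original posts. It is a toy model showing who ends up receiving a notification in each case: the function, policy and client names are hypothetical, the scanner verdict is a stub flag, and the addresses are constructed.

```python
# Added illustration: toy model of the policies discussed in the thread.
# All names are hypothetical; "infected" stands in for the scanner verdict.
from dataclasses import dataclass, field

@dataclass
class Message:
    envelope_from: str   # MAIL FROM as presented; a virus may forge it
    rcpt: str
    infected: bool

@dataclass
class Outcome:
    smtp_reply: str                              # receiver's answer after DATA
    notices: list = field(default_factory=list)  # (generated_by, delivered_to)

def receive(msg, policy, client):
    """policy: 'discard' | 'accept_bounce' | 'reject'
    client: 'relay_mta' (a real MTA that sends bounces for failed mail)
            'direct_engine' (a virus's own SMTP code connecting directly)"""
    if not msg.infected:
        return Outcome("250 Ok")
    if policy == "discard":
        # Accepted with 250, then dropped: nobody learns the mail is gone.
        return Outcome("250 Ok")
    if policy == "accept_bounce":
        # Having said 250, the receiver owns the mail and must bounce it
        # itself, to the envelope sender, whether or not that is forged.
        return Outcome("250 Ok", [("receiver", msg.envelope_from)])
    if policy == "reject":
        out = Outcome("550 5.7.1 Message rejected: virus found")
        if client == "relay_mta":
            # The sending MTA still holds the mail and reports the failure.
            out.notices.append(("sender_mta", msg.envelope_from))
        # A direct-connecting engine only sees the 5xx; no bounce exists.
        return out
    raise ValueError(f"unknown policy: {policy}")

# Constructed sample messages.
LEGIT = Message("alice@example.com", "bob@example.net", infected=True)
KLEZ = Message("innocent@example.org", "bob@example.net", infected=True)  # forged sender
```

The remaining case, an infected message with a forged sender that arrives through a relaying MTA, still produces a bounce to the forged address under `reject`; that is the "false bounces" question raised at the end of the first message.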