
Re: [anti-spam-wg@localhost] Broken AV software

  • To:
  • From: Martin Neitzel < >
  • Date: Thu, 6 Nov 2003 13:41:06 +0100 (MET)

> [...] since almost all new viruses are using faked sender addresses,
> [automated "you have a virus" bouncing] is becoming a huge problem.

I experienced this effect just a week ago, in a slight variation:

I reconnected my private mailhub at home after a four week hiatus
due to vacations and system upgrade.  The initial uucp connect
transferred 100 MB, most of which was:

 (A)  --> incoming:  the original virus mail.
 (B)  <-- outgoing:  a bouncogram, not because I would do virus checking
		(no need 'cause I still stick with good old mailx) but
		because I am following a draconian extension of
		http://homepages.cwi.nl/~piet/mailrestr-en.html
		and reject multipart/{mixed,alternative} emails
		right within sendmail.
 (C)  --> incoming:
		either a NXUSER bouncogram
		or a "you've sent a virus" notification

This totaled half a meg of traffic for every single SWEN email.
(Imagine what would happen if I rejected "multipart/report", too ;-)

My gut feeling is that the double bounces generally violate the
"no errors about errors" principle.  With today's amount of
faked senders, I now disabled double bounces on my system.

Am still torn whether I should also switch sendmail's option

     -R return   Set the amount of the message to be returned if the message
                 bounces.  The return parameter can be `full' to return the
                 entire message or `hdrs' to return only the headers.

towards the "hdrs" setting.  It's OK for spam/virus emails, but since I am
usually harsh enough with my policy to reject HTML emails or attachments,
I think it's a bit fairer to well-meaning senders who use the "wrong"
packaging to use the "full" setting so they can easily try again.

What I'd love to use would be

      -R 10k

I know that some MTAs do such a thing:  return the headers and just
the first few lines of the body.  Looks quite sensible to me.

						Martin Neitzel
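
The two ideas in the message above (no bounce in reply to a bounce, and a return capped at the headers plus the first 10k of the body) as an added Python sketch; it is not part of the original post and not sendmail's behaviour. All function names, the `mailhub.example` address and the 10 KiB limit as code are assumptions made for illustration.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage

BODY_LIMIT = 10 * 1024  # the "-R 10k" wished for in the post, as an assumed value

def is_error_report(envelope_from, raw):
    """A bounce has a null reverse-path or is a multipart/report; never answer one."""
    ctype = message_from_bytes(raw).get_content_type()
    return envelope_from.strip() in ("", "<>") or ctype == "multipart/report"

def returned_excerpt(raw, body_limit=BODY_LIMIT):
    """All headers plus at most body_limit bytes of body, cut at a line end."""
    blank = re.search(rb"\r?\n\r?\n", raw)  # first empty line ends the headers
    if blank is None:
        return raw  # headers only, nothing to trim
    head, body = raw[:blank.end()], raw[blank.end():]
    if len(body) <= body_limit:
        return raw
    cut = body.rfind(b"\n", 0, body_limit)
    kept = body[:cut + 1] if cut >= 0 else body[:body_limit]
    return head + kept + b"[body truncated]\n"

def build_bounce(envelope_from, raw, reason, body_limit=BODY_LIMIT):
    """Return a size-capped bounce, or None when the input is itself an error report."""
    if is_error_report(envelope_from, raw):
        return None  # "no errors about errors"
    bounce = EmailMessage()
    bounce["From"] = "MAILER-DAEMON@mailhub.example"  # constructed address
    bounce["To"] = envelope_from
    bounce["Subject"] = "Returned mail: " + reason
    bounce["Auto-Submitted"] = "auto-replied"
    bounce.set_content(reason + "\n")
    excerpt = returned_excerpt(raw, body_limit).decode("utf-8", "replace")
    bounce.add_attachment(excerpt, filename="original-excerpt.txt")
    return bounce

if __name__ == "__main__":
    # Constructed sample: small header block followed by a body of about 100 kB.
    sample = b"From: sender@example.org\nSubject: hi\n\n" + b"payload line\n" * 8000
    reply = build_bounce("sender@example.org", sample, "multipart not accepted")
    print(len(sample), "bytes in ->", len(reply.as_bytes()), "bytes returned")
    print("reply to a null sender:", build_bounce("<>", sample, "unused"))
```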


