
Re: [Asrg] where the message originated

2009-01-12 12:57:50
> > Rejecting has been my first approach when I first installed an
> > avfilter.  When I realized the number of infections I was causing
> > that way, I started to drop rather than reject.
>
> [I] could use some clarification on what you mean by
> "infections...[you were] causing".  I don't understand how issuing an
> SMTP reject could cause an infection; wouldn't doing so be the
> equivalent of telling an already-infected host "you're infected"?

Well, I didn't write it.  But I interpreted it as, basically, this
scenario:

- Malware goes out, addressed to A, (forged) envelope-from B.  Sending
   channel ends up emitting it from a normal MTA, M.

- A's MX host rejects it at SMTP time.

- M generates and sends a bounce to B.

- B receives bounce with embedded malware.  Somehow - perhaps B's MUA
   aggressively looks for and executes live content; perhaps B clicks
   on the wrong thing; perhaps something else - this ends up with a
   malware infestation on B's machine.  (Cue xkcd #350.)

If A's MX host had silently swallowed the mail, nothing would have
happened to B - or, at least, not on account of this message.  (This is
not to say that _I_ think it's fair to say that A's rejection caused B
to get infected.  Just that this is what I think Alessandro meant.)

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse(_at_)rodents-montreal(_dot_)org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
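The bounce M sends in the scenario above is what carries the malware to B, because a naive bounce embeds the whole rejected message. The following is an added example (not code from this thread or from any particular MTA) showing the difference between a bounce generator that embeds the full message and one that returns only the rejected message's headers; the MTA name mta-m.example.com, the addresses and the sample message are all constructed.

```python
from email.message import EmailMessage, MIMEPart

# Constructed sample: the message M accepted for A, with a forged sender B
# and a harmless placeholder attachment standing in for the malware.
ORIGINAL = EmailMessage()
ORIGINAL["From"] = "B <b@example.org>"
ORIGINAL["To"] = "A <a@example.net>"
ORIGINAL["Subject"] = "Your document"
ORIGINAL["Message-ID"] = "<constructed-1@example.com>"
ORIGINAL.set_content("See attachment.")
ORIGINAL.add_attachment(b"PLACEHOLDER-PAYLOAD", maintype="application",
                        subtype="octet-stream", filename="doc.exe")

def build_dsn(original, envelope_from, recipient, smtp_reply, headers_only=True):
    """Bounce M sends to envelope_from after A's MX rejected the message.

    headers_only=True: RFC 3464 DSN whose third part is text/rfc822-headers,
    so the rejected body and attachments never go back to the forged sender.
    headers_only=False: whole message embedded as message/rfc822 (the case
    described in the thread)."""
    dsn = EmailMessage()
    dsn["From"] = "Mail Delivery System <MAILER-DAEMON@mta-m.example.com>"  # assumed name for M
    dsn["To"] = envelope_from
    dsn["Subject"] = "Undelivered Mail Returned to Sender"
    dsn["MIME-Version"] = "1.0"
    dsn.add_header("Content-Type", "multipart/report", report_type="delivery-status")
    human = MIMEPart()  # part 1: human-readable explanation
    human.set_content(f"Delivery to {recipient} failed permanently.\n"
                      f"The remote server said: {smtp_reply}\n")
    dsn.attach(human)

    per_message = MIMEPart()  # part 2: machine-readable status blocks
    per_message["Reporting-MTA"] = "dns; mta-m.example.com"
    per_recipient = MIMEPart()
    per_recipient["Final-Recipient"] = f"rfc822; {recipient}"
    per_recipient["Action"] = "failed"
    per_recipient["Status"] = "5.7.1"
    per_recipient["Diagnostic-Code"] = f"smtp; {smtp_reply}"
    status = MIMEPart()
    status["Content-Type"] = "message/delivery-status"
    status.set_payload([per_message, per_recipient])
    dsn.attach(status)

    returned = MIMEPart()  # part 3: what is returned of the original message
    if headers_only:
        returned.set_content("".join(f"{k}: {v}\n" for k, v in original.items()),
                             subtype="rfc822-headers")
    else:
        returned.set_content(original)
    dsn.attach(returned)
    return dsn
```

Compare `build_dsn(ORIGINAL, "b@example.org", "a@example.net", "550 5.7.1 rejected").as_string()` with the `headers_only=False` form: only the latter contains the attachment, which is the copy that reached B in the scenario above.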