ietf-asrg

Re: [Asrg] where the message originated

2009-01-13 13:18:11

On Tue, 2009-01-13 at 12:53 -0500, Rich Kulawiec wrote:
  It's best to just reject the message and content yourself that
  (a) you've done all you can do (b) you've emitted a reasonable
  diagnostic message in case this is a goof (c) you've minimized the
  amount of SMTP traffic you're emitting -- a key factor and (d) you've
  done something that passes the "what if everyone did this?" test,
  another key factor.

If by "reject" you mean "give a 5xx response to the data from the SMTP
client", the problem with that is that, as previously discussed, the SMTP
client server may generate a DSN or similar which returns the infected
message. It does not know that the reason for non-delivery was the
suspect message content. You do. So the only safe responses are:
- discard the message (i.e. accept it over SMTP and then throw it away
with no further processing, apart from possible archiving).
- send a DSN or similar which suppresses return of content.

In the old days you could get messages which contain inadvertently
infected attachments (e.g. in the days of Word macro viruses). I would
think that the fraction of infected messages which are like this is
negligibly small. So, no-one needs to know that the message is being
non-delivered, so discarding the message is the best policy.

David
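
The second option in the message above, a DSN that suppresses return of content, sketched as an added example that is not part of the original post: the report carries a `text/rfc822-headers` part in place of the full `message/rfc822` copy. The sample message, the host names and the helper name `headers_only_dsn` are constructed for illustration.

```python
from email import message_from_string
from email.message import Message
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Constructed sample: a message a content scanner has flagged.
INFECTED = """\
From: sender@example.org
To: user@example.net
Subject: invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: application/octet-stream; name="invoice.exe"
Content-Transfer-Encoding: base64

RkFLRS1QQVlMT0FELU1BUktFUg==
--b1--
"""

def headers_only_dsn(raw, reporting_mta, recipient, envelope_sender):
    """Hypothetical helper: failure DSN carrying original headers, no body."""
    orig = message_from_string(raw)
    dsn = MIMEMultipart("report", report_type="delivery-status")
    dsn["From"] = f"MAILER-DAEMON@{reporting_mta}"
    dsn["To"] = envelope_sender
    dsn["Subject"] = "Undelivered mail: content refused"
    dsn.attach(MIMEText("Your message was not delivered; its content was refused.\n"))
    # Machine-readable part: one per-message block, one per-recipient block.
    per_msg, per_rcpt, status = Message(), Message(), Message()
    per_msg["Reporting-MTA"] = f"dns; {reporting_mta}"
    per_rcpt["Final-Recipient"] = f"rfc822; {recipient}"
    per_rcpt["Action"] = "failed"
    per_rcpt["Status"] = "5.7.1"
    status["Content-Type"] = "message/delivery-status"
    status.set_payload([per_msg, per_rcpt])
    dsn.attach(status)
    # text/rfc822-headers instead of message/rfc822: the top-level headers
    # identify the message to the sender, the body and attachments are dropped.
    hdrs = "".join(f"{k}: {v}\n" for k, v in orig.items())
    dsn.attach(MIMEText(hdrs, "rfc822-headers"))
    return dsn.as_string()
```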
