On Wed, 2009-01-14 at 07:42 -0500, Rich Kulawiec wrote:
> And second, have you (rhetorical you) been paying attention to the
> origination points of the vast majority of attempted malware
> deliveries over the past decade?
The error here is to assume that you get the message from the
originating system. There are scenarios in which you get the message
from an innocent (perhaps in more than one sense of the word)
*intermediate* MTA. It is the reaction of such an MTA to a rejection
which is the problem.
An intermediate MTA need not be an open relay, because relaying is often
defined in terms of the system from which the message arrives. For
instance, a company has a "boundary" MTA. A PC within the company's
network is compromised (the user accessed an unsuitable web site in
their lunch break). The trojan sends messages via the boundary MTA.
Unless that MTA checks the return-path address, and the boundary MTA
picks up on the virus, the rejection by the next hop MTA is a
problem.
After all, if the "MTA" from which you received the infected message is
not innocent, perhaps not even a proper MTA, then rejecting the message
is also pointless. The rejection will be ignored, and so the overall
effect will be the same as if it were accepted and discarded.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
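The three-hop scenario in the post, as an added simulation that is not part of the thread: a compromised PC submits a message with a forged return-path through the company's boundary MTA, the next hop rejects it, and the boundary MTA either turns that rejection into a bounce to the forged address (backscatter) or, if it checked the return-path or scanned the content at submission time, never accepted responsibility for the message at all. The domain names, addresses and the `LOCAL_DOMAINS` set are constructed assumptions.

```python
from dataclasses import dataclass, field

# Assumption: the company's own mail domain(s); an internal client should not
# be submitting mail whose return-path claims to be someone else's domain.
LOCAL_DOMAINS = {"example.com"}


@dataclass
class Message:
    return_path: str   # envelope sender (MAIL FROM), which the trojan forges
    recipient: str
    infected: bool = False


class NextHopMTA:
    """The receiving MTA in the post: rejects infected mail at SMTP time."""
    def accept(self, msg: Message) -> bool:
        return not msg.infected


@dataclass
class BoundaryMTA:
    check_return_path: bool = False
    scan_for_malware: bool = False
    bounces_sent: list = field(default_factory=list)

    def submit(self, msg: Message, next_hop: NextHopMTA) -> str:
        """Accept a message from an internal client and relay it onward.

        Returns 'rejected' (refused during submission, so there is nothing to
        bounce), 'relayed', or 'bounced' (accepted, then refused by the next
        hop, so a DSN goes to the possibly forged return-path).
        """
        domain = msg.return_path.rsplit("@", 1)[-1].lower()
        if self.check_return_path and domain not in LOCAL_DOMAINS:
            return "rejected"
        if self.scan_for_malware and msg.infected:
            return "rejected"
        # Accepted: the boundary MTA is now responsible for delivery or a DSN.
        if next_hop.accept(msg):
            return "relayed"
        self.bounces_sent.append(msg.return_path)   # backscatter to the victim
        return "bounced"


def run(check_return_path: bool, scan_for_malware: bool) -> tuple:
    """Run the scenario with a constructed infected message and forged sender."""
    boundary = BoundaryMTA(check_return_path, scan_for_malware)
    msg = Message("victim@other.example", "someone@remote.example", infected=True)
    outcome = boundary.submit(msg, NextHopMTA())
    return outcome, list(boundary.bounces_sent)
```

With neither check enabled the run ends in a bounce to the forged address, which is the problem the post describes; with either check enabled the message is refused at submission and no bounce is generated.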