procmail
[Top] [All Lists]

Re: Filtering Attachments

2001-09-20 21:07:00
On 20 Sep, Robert Dege wrote:
| 
| 
| >From all the posts, I was able to construct a working Attachment
| filter.  But I have 2 questions:
| 
| [recipe snipped]
| 
| With this recipe, how can I send an email to the original sender &
| recipient, notifying both that the email was filtered?
| 

I only have a comment (ok, a rant) for the first, and no answer for the
second. What do you hope to accomplish by auto responding to the
sender?  Unless you can *guarantee* that the recipe will only catch
bona fide viruses with real payloads, it's not part of the solution.
I'd argue the same even if you could guarantee no false matches, but
maybe that's just me. Your network policies are between you and your
users. If a message is blocked, no matter what the reason is, that's
between you and the recipient, and an auto ack just reeks of shoddy
administration attempting to shift responsibility to the sender (where
it does not belong). If you think you're providing a service by
informing people with infected machines, do you really think they won't
figure it out without your help?

FWIW the auto acks I've received were bounces of list posts that
arguably would have done the recipient more good than the mail filtering
software will ever do. But the mail filters prevented them from seeing
them, and in all cases the message could not possibly have been
infected. The software was just poorly configured and the admins
couldn't be bothered to fix it. Auto acks to list posts are as
inappropriate as vacation messages. Bugtraq probes for people who can't
get their vacation replies correct and unsubscribes them, and the SuSE
security list unsubscribes people whose mail systems are responsible for
bounces. The bounces don't go to the list, but to the original sender,
and still the list owner (needing no urging from me :-) throws them off
until the bounces are solved. I see nothing in your recipe to protect
against the same problem. Are you willing to put your users at this risk
for something that offers no tangible gain?

Of course, if the answer is yes, the archives are replete with examples
for you. My $.02.

-- 
                   /"\
Don Hammond        \ /     ASCII Ribbon Campaign
Raleigh, NC US      X        Against HTML Mail,
                   / \      and News Too

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>