On Fri, 09 Jul 2004 21:07:45 -0500 "David W. Tamkin"
<dattier(_at_)panix(_dot_)com> wrote:
However, there's another aspect: virus-laden messages always have false
return addresses, so there's no gain in bouncing them, plus there is the
possible damage of sending the bounce to an innocent party whose address
was forged on the infected message that you're bouncing. If you can't
reject it during the SMTP dialogue, just send it to /dev/null.
If it weren't for the fact that I think ALL of them offer the option it
would be nice to see a boycott of MTA level virus gateways that have an
option in their setup to send bounce replies. Viruses/worms haven't used
the actual address of the infected party for several years now. And most
don't show direct delivery from the infected machine either, using open
relays and other machines as proxy delivery systems.
If it weren't for the fact that I operate an ISP mail server I'd add
systems that generate virus bounces to a local blacklist.
When I get away from this stupid Windows based MTA I'll probably create an
inbound filter to identify virus bounce messages and send an auto-reply to
(postmaster@|admin@|support@|abuse@) informing the sending domain of the
error of their ways.
Trying to explain to clueless users that the bounce message they got does
*NOT* mean they have a virus and does *NOT* mean someone has "cracked"
their email account probably takes up half of my daily email response time.
Gerald
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail