spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] Re: Anyone Got an Explanation?

2005-09-21 13:47:45
from [Dick St.Peters] [Permanent Link] 
Stuart D. Gathman writes:

On Wed, 21 Sep 2005, Dick St.Peters wrote:

The Clamav milter offers a runtime option to bounce viruses and worms
back, but a comment in the code notes that this is generally not a
good idea.  The default is not to bounce.

In the milter TODO list is to not bounce if the detected virus type is
one known to fake the from address.  Also in the TODO list is to
bounce outgoing mail but not incoming mail.


How about sending a *real* (DSN) "bounce"!  Then it can be easily ignored
by innocent bystanders.  That is my main complaint - not that it bounces,
but that it doesn't!  It replies instead of bouncing.


DSN generation is an MTA function.  You're right that what the Clamav
milter calls a bounce is actually a reply, but it has little choice.
As a milter, it can return a status telling sendmail to accept or
reject the mail, but there's no "accept and bounce" status defined in
the milter API.  If a milter returns a reject status, sendmail rejects
the mail, leaving DSN generation up to the client MTA (which in the
case of a Clamav milter reject is often a virus SMTP engine).

The Clamav milter runs as a separate process, usually running under
the "clamav" user identity.  As such it can reply to mail by piping a
message to a new sendmail instance, but to send a real DSN with an
empty MAILFROM it would need its own SMTP engine.


Once that glaring problem is fixed, how about "bouncing" incoming viruses only
on SPF PASS?  Or at least don't "bounce" on FAIL or SOFTFAIL!


The Clamav milter is one milter in a chain, and it's not Clamav's job
to check the SPF status.  If you think it should be, well, Clamav is
open sourse, so write the code and submit it to the project.

Personally, I would like the bounce/reply option removed, but I'm a
Clamav user, not a Clamav developer.  So I just run it without the
bounce/reply option turned on.

--
Dick St.Peters, stpeters(_at_)NetHeaven(_dot_)com 
Gatekeeper, NetHeaven, Saratoga Springs, NY

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] Re: Anyone Got an Explanation?, Scott Kitterman
Next by Date:  RE: [spf-discuss] Re: Anyone Got an Explanation?, Seth Goodman
Previous by Thread:  Re: [spf-discuss] Can this really be true?, johnp
Next by Thread:  Re: [spf-discuss] Re: Anyone Got an Explanation?, Stuart D. Gathman
Indexes:  [Date] [Thread] [Top] [All Lists]