On Wed, 21 Sep 2005, Dick St.Peters wrote:
How about sending a *real* (DSN) "bounce"! Then it can be easily ignored
by innocent bystanders. That is my main complaint - not that it bounces,
but that it doesn't! It replies instead of bouncing.
The Clamav milter runs as a separate process, usually running under
the "clamav" user identity. As such it can reply to mail by piping a
message to a new sendmail instance, but to send a real DSN with an
empty MAILFROM it would need its own SMTP engine.
SMTP client is rather trivial. Every self respecting virus has one!
But even so, if clamav can't send a real DSN, then it shouldn't send anything
at all! Instead it should reject the message.
The Clamav milter is one milter in a chain, and it's not Clamav's job
to check the SPF status. If you think it should be, well, Clamav is
open source, so write the code and submit it to the project.
Just stick an SPF milter in front of the clamav milter set to reject on FAIL.
(Assuming proper forwarder, etc, configuration.)
Alternatively, stick an SPF milter in front that doesn't reject on FAIL, and
have clamav use the Received-SPF header.
Personally, I would like the bounce/reply option removed, but I'm a
Clamav user, not a Clamav developer. So I just run it without the
bounce/reply option turned on.
Yes, the option should be removed if it can't do it right. The
replies are worse than useless.
I have been updating their Wiki...
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com