nanog mailing list archives
Re: antivirus in smtp, good or bad?
From: Daniel Senie <dts () senie com>
Date: Tue, 03 Feb 2004 09:16:44 -0500
At 08:58 AM 2/3/2004, you wrote:
Hi,When investigating our mail queue it seems we have quite a lot of mails whichare stuck in transit...Whats happening is we're accepting the mail as the primary MX for the domain butthe user has setup a forwarding to another account at another ISP, they haveantivirus service on that other account. So we get the mail, spool it and try toforward it but then we get a "550 Error: Suspected W32/MyDoom@MM virus" after DATA and our server freezes the mail.
Hmmm, well, we certainly kick back virus-laden stuff this way. The alternatives are:
1) kick it back during SMTP. 2) drop it on the floor. or, the third option, which is EXCEEDINGLY BROKEN,3) send a bounce to the From: address in the email. Because of spoofed sender addresses, this then goes to the wrong person, freaks out innocent, non-infected people and raises everyone's support costs.
Surely this is an incorrect way to do this as there will be lots of similar MXs like ours backing this mail up? They should accept the mail and then bounce it?
Why must systems accept mail that's virus laden or otherwise not desired at a site?
The "bounce" you refer to invariably ends up going to the wrong person(s), so that's an exceptionally BAD idea. Many viruses (most of the recent ones) forge the sender information. So either accepting and silently dropping, or rejecting the SMTP session with a 55x are the only viable choices.
Current thread:
- antivirus in smtp, good or bad? Stephen J. Wilcox (Feb 03)
- Re: antivirus in smtp, good or bad? Suresh Ramasubramanian (Feb 03)
- Re: antivirus in smtp, good or bad? Stephen J. Wilcox (Feb 03)
- Re: antivirus in smtp, good or bad? Suresh Ramasubramanian (Feb 03)
- Re: antivirus in smtp, good or bad? Suresh Ramasubramanian (Feb 03)
- Re: antivirus in smtp, good or bad? Stephen J. Wilcox (Feb 03)
- Re: antivirus in smtp, good or bad? Suresh Ramasubramanian (Feb 03)
- Message not available
- Re: antivirus in smtp, good or bad? Daniel Senie (Feb 03)
- Re: antivirus in smtp, good or bad? Joe Maimon (Feb 03)
- Re: antivirus in smtp, good or bad? Suresh Ramasubramanian (Feb 03)
- Re: antivirus in smtp, good or bad? Joe Maimon (Feb 03)
- Re: antivirus in smtp, good or bad? Suresh Ramasubramanian (Feb 03)
- Re: antivirus in smtp, good or bad? Daniel Senie (Feb 03)
- Re: antivirus in smtp, good or bad? Daniel Senie (Feb 03)
- Re: antivirus in smtp, good or bad? Joe Maimon (Feb 03)
- Re: antivirus in smtp, good or bad? Adi Linden (Feb 03)
- Re: antivirus in smtp, good or bad? JC Dill (Feb 03)