[TriLUG] Blocking Attachments in Exim/A really wack network admin
Jon Carnes
jonc at nc.rr.com
Fri Apr 9 22:04:55 EDT 2004
This has been a hotly debated topic on the MailScanner list. The
majority of folks on the list agree that *YOU* should stop sending the
notices.

The errant emails are from viruses that are well known to use forged
headers. If you insist on bouncing them anyway, then for sanity's sake at
least use some common sense: MailScanner provides a list of virus types
that should simply be dropped silently (since the header is always
forged).

Looking at the list of these viruses you will see that over 99% of
*current* email with viruses use forged headers. That being the case,
your antiquated idea of bouncing back these messages is valid less than
1% of the time.

Clearly you need to get a clue and start being responsible for the mail
passing through your systems. There are enough clueless Windows admins
out there to keep us all busy - we don't need to add any Linux admins to
their ranks.

Jon Carnes

On Fri, 2004-04-09 at 19:02, Joshua Gitlin wrote:
> Hey TriLUG,
>
> I received a message today from the network admin of USFamily.net. They
> appear to be a small ISP in Minnesota that resells XO Communications'
> dial up accounts and Qwest's DSL accounts. This guy complained that my
> server was sending him "unnecessary and irresponsible bounce messages".
>
> Now, the "unnecessary and irresponsible bounce messages" in question
> are bounces of messages containing potential virus attachments (*.pif,
> *.exe, *.scr, etc). I have these defined (like everyone else) in
> /etc/antivirus.exim. He is complaining that the user(s) with viruses
> aren't his users, and that the virus is forging the From: address, so
> his users are getting bounce messages from me that they don't deserve,
> and this is causing him to have to do more work. (I guess he didn't
> read his job description)
>
> He doesn't seem to care that bounce messages like these are standard
> practice and therefore has blocked my server from sending him emails
> entirely.
>
> My questions are:
>
> 1. Should I care? Is it worth my time to resolve this problem to
> appease one lazy sysadmin? I do have a few clients with online stores
> on my server that need to send emails to their customers. I don't want
> to prevent my customer's customer from getting their online order
> invoices, etc.
>
> 2. Is there any way, with Exim, to block messages with attachments like
> these while the SMTP session is still open, so that bounce messages
> never need to be sent?
>
> 3. If #2 is not possible, can I just stop sending him bounce messages?
> How would I do that in Exim?
>
> Thanks guys!
>
> -Josh
>
> -----------
> Due to the recent increase in spam and falsely sent email, I now PGP
> Sign all of my outgoing mail to prove my identity. This means that you
> will see an attachment called "PGP.sig" with this message. This
> attachment can be used to prove that I am who I say I am. If you are
> not familiar with PGP, you can safely ignore it. For more information,
> please visit http://www.pgp.com/ or http://www.gnupg.org/