Date: Mon, 01 Mar 2004 17:08:20 +0000 From: Andrew Boothman <andrew@mux.org.uk> To: =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no> Cc: Kris Kennaway <kris@obsecurity.org> Subject: Re: SPAM/virii apparently from freeBSD addresses. Message-ID: <40436E04.9000706@mux.org.uk> In-Reply-To: <xzpfzcstspb.fsf@dwp.des.no> References: <Pine.BSF.4.21.0402291639340.27862-100000@InterJet.elischer.org> <20040301032856.GA10110@xor.obsecurity.org> <xzpfzcstspb.fsf@dwp.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Dag-Erling Smørgrav wrote: >>>Somewhere out there there is a ?Virus?/?Hacker?/?Spammer? >>>getting really annoying.. >> >>Yeah, but what do you expect anyone to do about it? > > > Swen and MyDoom are easy to detect and reject at the SMTP stage. The > fact that our mail servers don't do this is a PITA, as it forces list > subscribers to accept them as well (if you reject list mail because it > contains a virus, Mailman disables your subscription). You shoudn't reject email because it contains Swen or MyDoom anyway, all you'll do is generate a bounce message to someone who never sent you the infected mail in the first place - becuase the SMTP envelope addresses are forged. I believe the correct thing to do is to accept in and silently drop it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40436E04.9000706>