antivirus in smtp, good or bad?

• Previous message (by thread): antivirus in smtp, good or bad?
• Next message (by thread): antivirus in smtp, good or bad?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 08:58 AM 2/3/2004, you wrote:

>Hi,
>  When investigating our mail queue it seems we have quite a lot of mails 
> which
>are stuck in transit...
>
>Whats happening is we're accepting the mail as the primary MX for the 
>domain but
>the user has setup a forwarding to another account at another ISP, they have
>antivirus service on that other account. So we get the mail, spool it and 
>try to
>forward it but then we get a "550 Error: Suspected W32/MyDoom at MM virus" after
>DATA and our server freezes the mail.

Hmmm, well, we certainly kick back virus-laden stuff this way. The 
alternatives are:

1) kick it back during SMTP.

2) drop it on the floor.

or, the third option, which is EXCEEDINGLY BROKEN,

3) send a bounce to the From: address in the email. Because of spoofed 
sender addresses, this then goes to the wrong person, freaks out innocent, 
non-infected people and raises everyone's support costs.


>Surely this is an incorrect way to do this as there will be lots of 
>similar MXs
>like ours backing this mail up? They should accept the mail and then 
>bounce it?

Why must systems accept mail that's virus laden or otherwise not desired at 
a site?

The "bounce" you refer to invariably ends up going to the wrong person(s), 
so that's an exceptionally BAD idea. Many viruses (most of the recent ones) 
forge the sender information. So either accepting and silently dropping, or 
rejecting the SMTP session with a 55x are the only viable choices.

• Previous message (by thread): antivirus in smtp, good or bad?
• Next message (by thread): antivirus in smtp, good or bad?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]