SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

Matthew Sullivan matthew at sorbs.net
Sat Dec 10 11:54:24 UTC 2005


Robert, sorry I missed the full conversation, and don't have time to 
read the whole thread, but based on your mail alone a few words of 
agreement...

Please remember people..

RFC 2821 states explicitly that once the receiving server has issued a 
250 Ok to the end-of-data command, the receiving server has accepted 
responsibility for either delivering the message or notifying the sender 
that it has been unable to deliver.  RFC 2821 also says that a message 
MUST NOT be dropped for trivial reasons such as lack of storage space 
for the message.  To that end is a detected 
virus/trojan/malware/phishing scam etc... a trivial reason to drop the 
message?

Personally I believe that not trivial means not unless the entire server 
crashes and disks fry etc...  To that end I am a firm believer that 
malware messages SHOULD BE rejected at the end of the data command 
(which is why I have gone to great lengths to ensure this happens at 
$employer, and at SORBS)..  Failure to have the resources available to 
perform the virus scanning will result in the messages being delivered 
to the recipient as a broken message (attachment stripped).

There is certainly NO EXCUSE for ANYONE to bounce virus warning messages 
to ANY user whether local or remote, particularly when the anti virus 
software will identify the virus and the virus is KNOWN to forge the 
sender address.

As such anyone bouncing large numbers of virus warning messages is game 
for having their servers blocked, and I will not apologise to anyone 
getting caught by a SORBS automated spamtrap getting a virus warning 
message (though I will remove them promptly when notified of such an entry).

Regards,

Mat
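
The end-of-DATA decision described in the message above, as an added example that is not part of the original post and is not code from SORBS or any mail server. The scanner, its signature, the reply texts and the sample message are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for a scanner signature; not a real malware pattern.
FAKE_SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"

class ScannerUnavailable(Exception):
    """Raised when the (hypothetical) scanner has no resources to run."""

def scan(payload: bytes, scanner_up: bool = True) -> bool:
    """Hypothetical scanner: True if payload contains the constructed signature."""
    if not scanner_up:
        raise ScannerUnavailable()
    return FAKE_SIGNATURE in payload

def end_of_data(raw: bytes, scanner_up: bool = True):
    """Choose the reply to the end-of-DATA '.' before accepting responsibility.

    Returns (smtp_reply, message_to_deliver_or_None). No bounce or virus
    warning is generated: a rejection is reported in-session to the client
    that is connected, so a forged envelope sender never receives anything.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    attachments = list(msg.iter_attachments())
    try:
        for part in attachments:
            if scan(part.get_payload(decode=True) or b"", scanner_up):
                # 250 was never issued, so no delivery or DSN is owed.
                return "550 5.7.1 Message rejected: malware detected", None
    except ScannerUnavailable:
        # Fallback from the post: deliver a broken message, attachment stripped.
        for part in attachments:
            part.clear()
            part.set_content("[attachment removed: could not be scanned]")
        return "250 2.0.0 Ok: accepted, attachments stripped", msg
    return "250 2.0.0 Ok: accepted", msg

def sample(attachment: bytes) -> bytes:
    """Build a constructed sample message carrying one binary attachment."""
    m = EmailMessage()
    m["From"] = "forged-sender@example.org"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("body text")
    m.add_attachment(attachment, maintype="application",
                     subtype="octet-stream", filename="file.bin")
    return m.as_bytes()
```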


