NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

  • Disclaimer: I do AV/Anti-spam for ~ 250,000 folk. Many of my e-mail addresses are also plastered all over the 'net, so I get plenty of these bounces too.

    Still, from my perspective, mail must *not* get lost. Failure to deliver a message to its recipient must *always* generate a bounce message (i.e., an SMTP 5xx error).

    Why? Because I don't trust anti-virus software to always do the right thing. I don't trust anti-spam software to always do the right thing. I don't trust *BLs and local block lists to

    • I fail to see how an automated message saying "A message you didn't send to someone you don't know couldn't be delivered" is useful.

      • I fail to see how an automated message saying "A message you didn't send to someone you don't know couldn't be delivered" is useful.

        It's not. And if you've got an algorithm that can determine when to silently drop mail on the floor with no false positives, I'm all ears. But RFC 2821, s4.2.5 is quite clear on an MTA's responsibilities after it accepts a message. I don't think picking and choosing which bits of an RFC to implement is a good idea.

        Yes, 2821 is in need of an update to deal with today's In

        • If you can detect that the message contains a virus, don't send the virus back. If you can detect which virus the message contains, you can tell whether the virus spoofs e-mail addresses. If it does, don't even send a bounce.

          I gather from the fact that so many of these bounce messages say "Your message tested positive for Sobig" that both points are actually possible — and practical.

          • If you can detect that the message contains a virus, don't send the virus back.

            Doesn't work if you're trying to save cycles for wanted mail, and rejecting messages based on attachment types, or other content (e.g., the presence of web bugs).

            To be specific, consider three sites, A, B, and C. B has the virus, and is sending mail to C, with forged headers that look like it came from A.

            If C refuses to accept the message (SMTP 5xx), it's B that generates the bounce message to A. The mail logs at B shoul

            • If C refuses to accept the message (SMTP 5xx), it's B that generates the bounce message to A. The mail logs at B should show (a) a high number of bounces going to A, (b) a large number of 5xx rejections from C. The mail admins at B *should* notice this, and do something about it, and (c) admins at both A and C should notice this, and start complaining to B.

              Oh yeah, I remember the problem I had with this idea. WHAT MAIL ADMIN?!

              I'm it. One guy with a laptop. I'm sure there's lots and lots and lots of other people out there in the same boat. The scenario above seems circa 1992, when either you got a mail account from a university or from your computer-savvy employer. Both involve large numbers of users with dedicated system administrators. While there's still plenty of places like this, you can't simply ignore Joe Single User.

              The other problem is it's not three sites. It's three THOUSAND sites! It's not B sending the virus to C making it look like A. It's half the Internet sending the virus to the other half making it look like A. I'm A.

              To give you an idea of the magnitude of the problem...

              ~ $ ls -l /var/mail/schwern
              -rw-------    1 schwern  schwern   2725439 Aug 27 14:29 /var/mail/schwern
              ~ $ ls -l ~/Mail/spam
              -rw-------    1 schwern  schwern   4852022 Aug 27 14:45 /Users/schwern/Mail/spam

              This is about 18 hours worth of my personal mail. Keeping in mind that my inbox contains about 340 old messages. I got about 130 new messages that weren't filtered. About 30% of them are unfiltered bounces. I got 667 filtered pieces of spam. The overwhelming majority is bounces from all over the Internet.

              You really think the proper solution is for me to contact them all?
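As an added example, not written by anyone in this thread: the detection side of the A/B/C scenario quoted above, i.e. what the mail logs at the sending site B would need to surface for its admins to notice the pattern. It assumes a Postfix-style log format and uses constructed log lines with hypothetical hosts (a.example, b.example, c.example).

```python
import re
from collections import Counter

# Constructed Postfix-style excerpt from site "B" in the scenario (hypothetical hosts, not real data):
# C rejects B's infected mail with 5xx, and B then sends the resulting bounces to the forged sender at A.
SAMPLE_LOG = """\
Aug 27 14:01:02 b postfix/smtp[101]: Q1: to=<user1@c.example>, relay=mx.c.example[192.0.2.3]:25, status=bounced (host mx.c.example[192.0.2.3] said: 550 5.7.1 virus detected)
Aug 27 14:01:02 b postfix/bounce[102]: Q1: sender non-delivery notification: B1
Aug 27 14:01:03 b postfix/smtp[103]: B1: to=<alice@a.example>, relay=mx.a.example[192.0.2.1]:25, status=sent (250 2.0.0 OK)
Aug 27 14:02:10 b postfix/smtp[104]: Q2: to=<user2@c.example>, relay=mx.c.example[192.0.2.3]:25, status=bounced (host mx.c.example[192.0.2.3] said: 550 5.7.1 virus detected)
Aug 27 14:02:10 b postfix/bounce[105]: Q2: sender non-delivery notification: B2
Aug 27 14:02:11 b postfix/smtp[106]: B2: to=<bob@a.example>, relay=mx.a.example[192.0.2.1]:25, status=sent (250 2.0.0 OK)
Aug 27 14:03:00 b postfix/smtp[107]: Q3: to=<carol@d.example>, relay=mx.d.example[192.0.2.4]:25, status=sent (250 2.0.0 OK)
"""

# One outbound delivery attempt: queue id, recipient domain, remote relay, status and the remote server's reply.
DELIVERY = re.compile(r"postfix/smtp\[\d+\]: (?P<qid>\w+): to=<[^@>]+@(?P<domain>[^>]+)>, "
                      r"relay=(?P<relay>[^\[,]+)[^,]*, status=(?P<status>\w+) \((?P<detail>.*)\)$")
# The bounce daemon creating a non-delivery notification (a new queue id) for a failed message.
NDN = re.compile(r"postfix/bounce\[\d+\]: (?P<qid>\w+): sender non-delivery notification: (?P<bid>\w+)")

def summarize(log: str):
    """Return (5xx rejections per remote relay, bounces B delivered per recipient domain)."""
    rejections = Counter()
    bounce_ids = set()      # queue ids that are bounce messages, not original mail
    bounces_to = Counter()
    for line in log.splitlines():
        m = NDN.search(line)
        if m:
            bounce_ids.add(m.group("bid"))
            continue
        m = DELIVERY.search(line)
        if not m:
            continue
        if m.group("status") == "bounced" and re.search(r"\b5\d\d\b", m.group("detail")):
            rejections[m.group("relay")] += 1          # signal (b): 5xx rejections from C
        elif m.group("status") == "sent" and m.group("qid") in bounce_ids:
            bounces_to[m.group("domain")] += 1         # signal (a): bounces going to A
    return rejections, bounces_to

def flag(log: str, threshold: int = 2):
    """Relays and domains whose counts reach the threshold: the pattern B's admins should spot."""
    rej, bnc = summarize(log)
    return (sorted(r for r, n in rej.items() if n >= threshold),
            sorted(d for d, n in bnc.items() if n >= threshold))
```

On real logs the threshold would be set against the site's normal rejection and bounce rates rather than a fixed count.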