NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.
All the Perl that's Practical to Extract and Report
about I/O disciplines and I should retire to the Tassili-in-Aijer
mountains in Sahara as a camel herder :-)
-- Jarkko Hietaniemi
Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.
Is bouncing bad? (Score:1)
Disclaimer: I do AV/Anti-spam for ~ 250,000 folk. Many of my e-mail addresses are also plastered all over the 'net, so I get plenty of these bounces too.
Still, from my perspective, mail must *not* get lost. Failure to deliver a message to it's recipient must *always* generate a bounce message (i.e., an SMTP 5xx error).
Why? Because I don't trust anti-virus software to always do the right thing. I don't trust anti-spam software to always do the right thing. I don't trust *BLs and local block lists to
Re:Is bouncing bad? (Score:1)
I fail to see how an automated message saying "A message you didn't send to someone you don't know couldn't be delivered" is useful.
Re:Is bouncing bad? (Score:1)
It's not. And if you've got an algorithm that can determine when to silently drop mail on the floor with no false positives, I'm all ears. But RFC 2821, s4.2.5 is quite clear on an MTA's responsibilities after it accepts a message. I don't think picking and choosing which bits of an RFC to implement is a good idea.
Yes, 2821 is in need of an update to deal with today's In
Re:Is bouncing bad? (Score:1)
If you can detect that the message contains a virus, don't send the virus back. If you can detect which virus the message contains, you can tell whether the virus spoofs e-mail addresses. If it does, don't even send a bounce.
I gather from the fact that so many of these bounce messages say "Your message tested positive for Sobig" that both points are actually possible — and pratical.
Re:Is bouncing bad? (Score:1)
Doesn't work if you're trying to save cycles for wanted mail, and rejecting messages based on attachment types, or other content (e.g., the presence of web bugs).
To be specific, consider three sites, A, B, and C. B has the virus, and is sending mail to C, with forged headers that look like it came from A.
If C refuses to accept the message (SMTP 5xx), it's B that generates the bounce message to A. The mail logs at B shoul
What's a 5xx rejection? (Score:2)
Re:What's a 5xx rejection? (Score:1)
The "You sent us a virus" messages are the ones from products like NAV that try to be helpful, while at the same time marketing the product. They're generated by the site that's doing the scanning (so if B is infected, sends a message to C, forged to appear to
Re:What's a 5xx rejection? (Score:2)
I get so few of those. :( Most are of the NAV variety.
But it doesn't seem anyone's hit upon the simple idea of a mail header:
Different SMTP servers encode their response code in different ways in the body of the mail. That its just more mail that I have to scan and junk. Since the format isn't unambiguous, I'm back to writing rules. :( However, they are significantly easier rules than what NAV and friends are causing me to write.
Ideally what I'd want is for server A to tell my SMTP server "Hey, you sent me a virus" in a clear way so that my SMTP server can throw it away before I ever see it. A simple mail header would be nice.
For no particular purpose, here's a very small sampling of the transcripts I've been getting that contain "554".
Reply to This
Parent