OK - That makes a lot of sense actually. We were rejecting them AND sending
the bounce message as well. After doing some testing, it looks like if I
just switch to using --quiet on the milter command line, we reject only and
don't bounce (or notify postmaster), which is pretty much what I wanted.

The only case I'm worried about is what happens if our primary MX (which is
my box and had clamav installed) is offline for whatever reason (e.g. SDSL
down), and the mail gets routed via our secondary MX machines, which are at
Easynet and don't do any of this checking. When they try to deliver the mail
on to us, it will be rejected - will this cause a mail failure message to
get propagated all the way back to the reply-to address? If so then we're
good. However, so far in my tests this has been inconclusive. Anyone any
thoughts on that?

Appreciate the help by the way!

regards,
Gavin


> From: [EMAIL PROTECTED]
> Reply-To: [EMAIL PROTECTED]
> Date: Wed, 14 Jul 2004 20:18:46 -0700
> To: [EMAIL PROTECTED]
> Subject: Clamav-users digest, Vol 1 #839 - 4 msgs
> 
> 
>> However I do have a setup question (or maybe a feature request) - is it
>> possible to have the milter only bounce some messages, based on what virus
>> or worm is found in the attachment? For example, I receive a number of
>> emails every day with the SomeFool, LovGate and Bagle worms - these all use
>> forged 'from' addresses so bouncing the message back is usually not useful
>> at all (and clogs up the mail server). In fact I have had a number of emails
>> from people asking about the email they have supposedly sent me, which are
>> tedious to explain if people don't know about spoofing. However, on the
>> other hand, if someone I know sends me a Word document with a macro virus, I
>> definitely want my mail server to bounce the message back to them so they
>> know there's a problem, that I haven't received their email and they need to
>> sort out the virus. So I don't want to stop sending some bounces.
>> 
>> So, what would be great would be a feature in the milter where we could only
>> send bounces out to certain worms or viruses, and not bother with the ones
>> that are known to spoof From addresses. What does everyone think? Or has
>> anyone already come up with a way to do that, that they would like to share?
> 
> The way you do that is by rejecting messages at SMTP time, rather than
> accepting them and then bouncing them.  If the message was coming from a
> virus-infested Windows box, the virus won't know how to deal with the
> rejection, so no bounce will be generated.  If, on the other hand, it
> was a legitimate message with an accidental virus attachment, then it
> will be coming from a legitimate mailserver, and that mailserver will
> send a bounce to the sender.  It's a win-win situation.
> 
> The catch, of course, is if a virus goes through a relay before coming
> to you, then the relay will generate the bounce.  But I see that as the
> fault of the relay (for accepting/forwarding virus-infected mails) and
> not the fault of the machine running clamav.
> 
> Damian Menscher
> -- 
> -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
> -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
> -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
> -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
> -=#| The above opinions are not necessarily those of my employers. |#=-



_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
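
Added example, not part of the original messages: a small Python model of the delivery paths discussed in this thread, showing which host ends up generating a bounce when the scanning server rejects at SMTP time. The host names, addresses and the `Hop`/`trace` helpers are constructed for illustration; the model assumes a real MTA sends its bounce to the envelope sender (MAIL FROM) and that a worm's built-in SMTP engine sends none.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Hop:
    name: str
    scans: bool    # rejects infected mail with a 5xx during the SMTP dialogue
    is_mta: bool   # real mail server: sends a bounce (DSN) when the next hop says 5xx

def trace(path, envelope_from, infected=True):
    """Walk a message along `path` (origin first, final server last).

    Returns (outcome, host_that_bounces, bounce_recipient)."""
    for sender, receiver in zip(path, path[1:]):
        if infected and receiver.scans:
            # A 5xx at SMTP time leaves responsibility with the sending hop.
            if sender.is_mta:
                # The DSN goes to the envelope sender, not to the
                # From: or Reply-To: header.
                return ("rejected", sender.name, envelope_from)
            return ("rejected", None, None)  # worm gives up, nobody is notified
        # Otherwise the receiver accepts the message and relays it onward.
    return ("delivered", None, None)

# Constructed hosts and addresses, for illustration only.
WORM = Hop("infected-pc", scans=False, is_mta=False)
FRIEND_MTA = Hop("mail.friend.example", scans=False, is_mta=True)
PRIMARY = Hop("mx1.example.org", scans=True, is_mta=True)
SECONDARY = Hop("mx2.example.net", scans=False, is_mta=True)
SECONDARY_SCANNING = Hop("mx2.example.net", scans=True, is_mta=True)
FORGED = "victim@example.com"  # spoofed envelope sender chosen by the worm

def scenarios():
    return {
        "worm direct to primary": trace([WORM, PRIMARY], FORGED),
        "real sender, macro virus": trace([FRIEND_MTA, PRIMARY], "friend@friend.example"),
        "worm via unscanned secondary": trace([WORM, SECONDARY, PRIMARY], FORGED),
        "worm via scanning secondary": trace([WORM, SECONDARY_SCANNING, PRIMARY], FORGED),
    }

if __name__ == "__main__":
    for label, result in scenarios().items():
        print(f"{label:30} -> {result}")
```

In this model the only path that sends a bounce to a forged address is the one through a secondary MX that accepts mail without scanning it; scanning on the secondary as well moves the rejection to the worm's own connection.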
