Christopher X. Candreva wrote: > On Tue, 28 Dec 2004, Daniel J McDonald wrote: > > > That's still back-scatter, just one relay removed. If Lucy is > > infected, and sends mail with Mary's return address through Lucy's > > usual mail relay, then when the relay gets a 554 it will send the DSN > > back to Mary, often including the virus. Mary then gets infected and > > starts sending mail with Joe's return address.... > > That's back-scatter on the part of Lucy's mail server, which should > either have a virus scanner, not be accepting mail with forged return > addresses, or both. > > Frankly I've not heard anyone define back-scatter this way - that the > scatter is MY fault if I return a 550 at my gateway. > > Pardon me if I'm confusing a discussion here with something from either > the spamassassin or SPAM-l lists, but every discussion I've read says > that returning a 550 at your gateway is the prefered method, as it > blocks actual bad stuff, while returning an error to the actual sender > of a false positive. And while few and few between, clam does get some > FPs.
It is one of those, how long is a piece of string? type debates. There are arguments for and against. It is personal preference generally. As long as it is not allowed into your system and then bounced, that's the main thing. I, personally, agree with Daniel. Crap is crap. No use leaving it out in the wild and letting some unfortunate bugger get saddled with it. You may as well just bin it. Matt _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
