Jeff Brenton wrote:

With forged return addresses, accept-analyze-bounce allows the virus
or worm to spread to the unfortunate person whose return address was
forged (Micah, in this case), only it now "originates" from "our"
server, instead of the infected machine.

Bouncing caught viruses, if indeed just reporting rejected ones back to the alleged sender, indeed is part of the problem by constituting a misconfiguration in the mail-filter -- it creates great confusion in many minds. I get several support calls a week where I have to explain that no, they don't have to assume they are infected because some virus-scanner out there thinks they are -- but is that what happened here?

As long as IC&S don't filter the mail going through their mail-server running the mailman lists, any mail that claims to be sent by a valid subscriber will be passed to the list. They must have this problem with other mail services they provide as well, I guess :-)

If you program the MTA to accept-analyze-drop messages, you risk a
false positive not being noticed; if the MTA rejects a legitimate
message, the sender will not get a report about the error.

What risk of false positives wrt virus-scanning? Are virus-scanners so unreliable as to generate false positives? Can you back up this assertion? I'd be most interested in hearing about this. False positives in virus-scanners usually indicate a bug in the signatures.


--
  ________________________________________________________________
  Paul Stevens                                  mailto:[EMAIL PROTECTED]
  NET FACILITIES GROUP                     PGP: finger [EMAIL PROTECTED]
  The Netherlands________________________________http://www.nfg.nl
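
The dispositions argued over in this thread, modelled as an added example (not part of either poster's message). It goes beyond the thread by also including a 5xx rejection during the SMTP session, which neither poster mentions; all addresses, host names and the `Message` model are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Message:
    envelope_from: str   # MAIL FROM value; the sending client sets it freely
    real_sender: str     # who actually caused the message to be sent
    client_is_mta: bool  # True: a relay that queues mail and issues DSNs
                         # False: e.g. a worm's built-in SMTP engine

def notified(policy: str, msg: Message) -> list[str]:
    """Who receives a failure notice when the scanner flags msg."""
    if policy == "accept-bounce":
        # We answered 250, so our server composes a new message to
        # whatever address the envelope claimed.
        return [msg.envelope_from]
    if policy == "accept-drop":
        return []  # discarded after 250; nobody is told
    if policy == "smtp-reject":
        # 5xx at end of DATA: the connecting client owns the failure.
        # A real MTA turns it into a DSN for its envelope sender;
        # a worm's SMTP engine generates nothing.
        return [msg.envelope_from] if msg.client_is_mta else []
    raise ValueError(f"unknown policy: {policy}")

def assess(policy: str, msg: Message) -> dict:
    told = notified(policy, msg)
    return {
        "backscatter": any(addr != msg.real_sender for addr in told),
        "sender_informed": msg.real_sender in told,
    }

# Constructed sample traffic (all addresses are placeholders).
WORM = Message("micah@example.org", "infected-pc.example.net", False)
FALSE_POSITIVE = Message("alice@example.com", "alice@example.com", True)

if __name__ == "__main__":
    for policy in ("accept-bounce", "accept-drop", "smtp-reject"):
        print(policy, "worm:", assess(policy, WORM),
              "false positive:", assess(policy, FALSE_POSITIVE))
```

In this model only the in-session rejection avoids both outcomes: the forged address receives nothing, and a legitimate sender whose mail was flagged still gets a notice from their own MTA.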
