On Fri, May 14, 2004 at 08:24:54AM -0500, Dallas L. Engelken wrote:
> I specifically said 're-attach'. I did not say 'append in plain text'.
> I'd love to see an end user get base64 into an executable to infect
> themselves from an appended bounce message.
> ...
>
> Nothing I work with seems to m
> >
> > Just curious which smtp clients re-attach the original message and
> > send it back to the return-path?? Whoever does this should
> be shot!
> > I don't
>
> Err - Qmail for starters? Sendmail? Postfix? Exchange? All
> mail servers default to bouncing the ENTIRE message back to
> se
On Thu, 2004-05-13 at 14:58, Jason Haar wrote:
> On Thu, May 13, 2004 at 03:07:40PM +1000, Adam Goryachev wrote:
> > There are some dis-advantages that should be considered, which don't
> > seem to have been noticed yet. Namely, *IF* a worm sent it's message
> > using the configured SMTP relay, and
On Fri, May 14, 2004 at 12:00:02PM +1000, Adam Goryachev wrote:
> b) Hopefully if the mailserver bounced the email, it didn't allow the
> original attachment to be included such that the receiver's mail program
> can access it. ie, you always get at least a section of the original
Well most MTAs b
On Fri, 2004-05-14 at 07:58, Jason Haar wrote:
> On Thu, May 13, 2004 at 03:07:40PM +1000, Adam Goryachev wrote:
> > There are some dis-advantages that should be considered, which don't
> > seem to have been noticed yet. Namely, *IF* a worm sent it's message
> > using the configured SMTP relay, and
On Thu, May 13, 2004 at 05:14:21PM -0500, Dallas L. Engelken wrote:
> >
> > Seriously, my current take on this is that the currrent
> > system never sends viruses, and this "fix" will [effectively]
> > cause Q-S to generate viruses
> >
> > Why does that scare me?
> >
>
> Just curious which sm
>
> Seriously, my current take on this is that the currrent
> system never sends viruses, and this "fix" will [effectively]
> cause Q-S to generate viruses
>
> Why does that scare me?
>
Just curious which smtp clients re-attach the original message and send
it back to the return-path?? Whoev
On Thu, May 13, 2004 at 03:07:40PM +1000, Adam Goryachev wrote:
> There are some dis-advantages that should be considered, which don't
> seem to have been noticed yet. Namely, *IF* a worm sent it's message
> using the configured SMTP relay, and the SMTP relay forwarded the
> message to a system con
> But no-one has explained why it is better than the current system!
>
> Instead of giving a SMTP error, you get a personally written,
> virus-specific
> report send to your address.
>
> If the virus was generated by a trojan, neither option would
> cause the user
> to be notified.
>
> If thi
On Thu, 2004-05-13 at 11:31, Jason Haar wrote:
> On Wed, May 12, 2004 at 05:09:39PM -0500, Dallas L. Engelken wrote:
> > Personally, I 550 for the simple fact that its less overhead than
> > forking a call to qmail-queue to inject (a|several) custom crafted
> > notification message. Does that mak
On Wed, May 12, 2004 at 05:09:39PM -0500, Dallas L. Engelken wrote:
> First of all, this is not a debate...
I think it is.
I think this is *exactly* the place to debate such things. Where else should
such thing be discussed?
> Personally, I 550 for the simple fact that its less overhead than
>
>
> On Wed, May 12, 2004 at 08:08:04AM -0500, Dallas L. Engelken wrote:
> > Nobody will bitch at you for handing a 550 to a virus infected
> > email... I guarantee it!
>
> But no-one has explained why it is better than the current system!
>
First of all, this is not a debate...
Jesse was maki
On Wed, May 12, 2004 at 08:08:04AM -0500, Dallas L. Engelken wrote:
> Nobody will bitch at you for handing a 550 to a virus infected email...
> I guarantee it!
But no-one has explained why it is better than the current system!
Instead of giving a SMTP error, you get a personally written, virus-sp
> >
>
> Sending a 5xx error only makes sense if a message is
> quarantined due to policy reasons (by perl_scanner) since
> that is usually where you have false positives. Otherwise
> 99.9% of messages that have detectable viruses have fake
> senders and therefore it would be meaningless to s
> Well, I understand what you are proposing. I have tried this way my
> self and after the tests I leave it...
>
> Look at the post Jason has sent after our posts of yesterday. "In my
> opinion", actually, it is not a good practice to notify the sender,
> because "almost" all the sender (except
>
> 1. I am an infected Windows PC. I use SMTP to send the virus to my
> default SMTP gateway, it rejects the message (due to virus)
> at the SMTP
> layer. The virus doesn't report that SMTP error to the end user - so
> they are unaware they are infected.
>
How many viruses send mail via the
Jesse Guardiani wrote:
I'm eager to hear what Jason Haar has to say about this. I don't know
how error codes are generated in q-s so I can't really comment on the
usability of the above code, but in concept it looks like what I'm
suggesting.
I'm afraid I really don't like this. This issue is as
> >
> > if ($REJECT_VIRUS && $quarantine_event && $destring =~
> m/^virus/) {
> >&error_condition("Virus detected, send SMTP error
> code...",33);
> > }
> >
> > if ($REJECT_SPAM && $spam_event) {
> >&error_condition("Spam detected, send SMTP error
> code...",32);
> I'm eager to hear what Jason Haar has to say about this. I don't know
> how error codes are generated in q-s so I can't really comment on the
> usability of the above code, but in concept it looks like what I'm
> suggesting.
>
>
> --
> Jesse Guardiani, Systems Administrator
> WingNET Internet
19 matches
Mail list logo
