[67118] in North American Network Operators' Group
Re: antivirus in smtp, good or bad?
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Tue Feb 3 09:06:08 2004
Date: Tue, 03 Feb 2004 19:34:50 +0530
From: Suresh Ramasubramanian <suresh@outblaze.com>
To: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
Cc: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0402031353530.1968-100000@server2.tcw.telecomplete.net>
Errors-To: owner-nanog-outgoing@merit.edu
Stephen J. Wilcox [2/3/2004 7:28 PM] :
> What's happening is we're accepting the mail as the primary MX for the domain but
> the user has set up a forwarding to another account at another ISP, they have
> antivirus service on that other account. So we get the mail, spool it and try to
> forward it but then we get a "550 Error: Suspected W32/MyDoom@MM virus" after
> DATA and our server freezes the mail.
>
> Surely this is an incorrect way to do this as there will be lots of similar MXs
> like ours backing this mail up? They should accept the mail and then bounce it?

Don't bounce. Reject with 5xx during the SMTP transaction (immediately
after the DATA stage). If you accept the mail and detect a virus later,
trash it instead of generating a bounce.

If you don't want to set up antivirus, at least set up Exim (preferably
with exiscan-acl) to reject mail with suspicious attachments.

You might want to try the exim-users list for some more on this.

--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations
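
An added configuration sketch of the reply's advice (not part of the original message and not taken from the Exim distribution): reject at DATA time with a 5xx so the sending host keeps responsibility for the message and no bounce is generated. It uses the content-scanning syntax of current Exim, into which exiscan-acl was merged as of Exim 4.50. The ACL names, the clamd socket path and the extension list are assumptions chosen for illustration.

```exim
# --- main configuration section ---
# Assumes an Exim binary built with content scanning (WITH_CONTENT_SCAN).
# The scanner type and socket path are assumptions; adjust to the local setup.
av_scanner    = clamd:/var/run/clamav/clamd.ctl

# Both ACLs run after the client has sent the message body but before
# Exim gives its final reply to DATA, so a "deny" becomes a 550 inside
# the SMTP transaction rather than a bounce sent later.
acl_smtp_mime = acl_check_mime
acl_smtp_data = acl_check_data

begin acl

# Runs once for every MIME part of the incoming message.
acl_check_mime:

  # No scanner needed: refuse attachments whose file name ends in an
  # extension from this (constructed, illustrative) list.
  deny  message   = Attachment type not accepted ($mime_filename)
        condition = ${if match{${lc:$mime_filename}}{\N\.(bat|cmd|com|exe|pif|scr)$\N}}

  accept

# Runs once on the complete message.
acl_check_data:

  # With a scanner configured: refuse anything it flags.
  deny  message   = Suspected malware ($malware_name)
        malware   = *

  accept
```

A host that only forwards mail onward can use the same ACLs, so that a message the final destination would refuse after DATA is refused at the first hop instead of being accepted and frozen.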