[plug] [Hey Bernd] Re: Undelivered Mail Returned to Sender

Craig Ringer craig at postnewspapers.com.au
Sun Sep 12 22:20:12 WST 2004


On Sun, 2004-09-12 at 18:49, Craig Foster wrote:

> Why not just drop mail with executable / scripting attachments? SpamAssassin
> with vbs/pif/exe attachments +100 will do it.

Because many viruses are contained in zip files, sometimes encrypted to
prevent easy scanning.

> You can also use Messagewall to scan and drop Clam AV-positive mail at the
> SMTP level. It's in unstable I think.

This works, but there are so many new variants being released all the
time that it's not particularly effective.

My personal solution has been quite effective: quarantine zip files,
too. The false positive rate is near zero, so the time and fuss of
retrieving one is well worth the pain saved the rest of the time.

> Personally, I would like to see ISPs build in the outbound virus scan into
> their base products.

How do you propose that they do that? A transparent mail proxy perhaps?
Or should they simply forbid clients to send mail except via their
servers?

Most mass-mailing worms use a built-in SMTP client. They do not use the
user's mail client or settings in any way. As such, any "solution" to
them involving blocks and filters by the ISP would also impact on anyone
running their own mail server.

I'm not even remotely interested in my ISP transproxying my mail. I run
my own server because I'm sick of ISP servers being slow and unreliable
- I don't want them to force that on me indirectly. I prefer my mail to
arrive the day I send it. Much the same goes for having the ISP force
mail through their servers by simply blocking outgoing port 25.

I /do/ think it's valuable to provide _optional_ blocks or filters. Many
ISPs already block outgoing traffic on port 25 by default, and I
appreciate it - so long as I can turn it off on my account.

> I love the way SME Server / E-smith transparently proxies SMTP traffic
> through the mail server (mailfront / qmail), and combined with ClamAV, it
> cleans most (if not all) mail for viruses. Why couldn't ISPs do something
> similar?

To an extent, they do - WestNet offers a mail filtering service, for
example. However, ISPs seem to have a hard time keeping their mail
servers running and delivering mail at a decent rate without the added
overhead of scanning and filtering.

--
Craig Ringer
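
The zip-quarantine policy described in this message, sketched as an added example (not code from the post or from any tool named in the thread). The function names, verdict strings and sample messages are constructed for illustration; encryption is detected from bit 0 of each zip member's general-purpose flags.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXECUTABLE_EXTS = (".vbs", ".pif", ".exe")  # the types named in the thread

def classify_attachment(filename, payload):
    name = (filename or "").lower()
    if name.endswith(EXECUTABLE_EXTS):
        return ("quarantine", "executable/script extension")
    # Match on content as well as name, so a renamed archive is still caught.
    if name.endswith(".zip") or payload.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                # General-purpose flag bit 0 marks an encrypted member.
                encrypted = any(i.flag_bits & 0x1 for i in zf.infolist())
        except zipfile.BadZipFile:
            return ("quarantine", "malformed zip")
        return ("quarantine", "encrypted zip" if encrypted else "zip archive")
    return ("deliver", "no risky attachment")

def mail_verdict(raw_bytes):
    """Quarantine the whole message if any attachment is risky."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    for part in msg.iter_attachments():
        verdict = classify_attachment(part.get_filename(),
                                      part.get_payload(decode=True) or b"")
        if verdict[0] != "deliver":
            return verdict
    return ("deliver", "no risky attachment")

def sample_zip(encrypted=False):
    """Constructed sample: a one-file zip, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample content")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6] |= 0x1                              # local header flags
        data[data.find(b"PK\x01\x02") + 8] |= 0x1   # central directory flags
    return bytes(data)

def sample_mail(filename, payload):
    msg = EmailMessage()
    msg.set_content("constructed sample message, see attached")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

An encrypted archive is quarantined without being opened, which is the case a content scanner cannot handle.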
