Stop Bouncing Email Viruses


As Jim said: having a mail server that sends bounce messages in response to viruses that are known to forge the message sender is a very, very bad thing.

And as Schwern said:

A short plea to mail admins worldwide. STOP BOUNCING EMAIL VIRUSES!

My email address is plastered all over the Internet. Every time a new virus comes out I get plastered by hundreds of messages. NOT viruses, because my spam filter nails them easy, but messages informing me I sent them a virus! Those are nearly impossible to filter without throwing out all legit bounce messages, too.

I know you're trying to be helpful, but you're sending email to the wrong person: ME. I did not send you that virus. I know better than to run Windows on an open network. Any virus worth its bits fakes the From line these days. I'm a "public figure" on the Internet. My address is plastered all over the place. The virus just grabbed it from somebody's address book or web cache.

So from myself and lots of other people who have very visible email addresses: STOP BOUNCING VIRUSES! They're not getting back to the source. You're just adding to the problem.

Thank you.

I didn't get a single Sobig.F virus in my inbox. But boy did I get a lot of the "you've sent a virus to foo@example.com" crap; those are sent by real systems, sadly.

No, I don't run any virus scanners, but as Jim pointed out, it got blocked by the "check_earlytalker" plugin in qpsmtpd. The Sobig.F SMTP implementation starts talking before the SMTP server says hello. A lot of spammers do the same, the idea being that they can get their junk out a little faster. No real mail system does that, as they are generally written by people who have at least glanced over the RFC. (Even if you use the common ESMTP pipelining extension, you can't start pipelining until you have negotiated it.)

The really cool thing about qpsmtpd is that it's so easy to try out things like "check_earlytalker" (contributed by Devin Carraway). A dozen lines of Perl is all you need to extend or tweak the core functionality. Almost everything but the core SMTP engine is in neat little plugins like that.
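The early-talker check described above, sketched as an added example in Python; this is not the qpsmtpd plugin or its code. The hostname, reply wording, wait time and function names are assumptions, and the client traffic is constructed.

```python
import select
import socket

GREETING = b"220 mx.example.test ESMTP\r\n"  # constructed hostname
# A 554 reply is permitted at connection opening (RFC 5321); wording is made up.
REJECT = b"554 client spoke before SMTP greeting\r\n"


def greet(conn, wait=1.0):
    """Hold the banner for `wait` seconds and classify the peer.

    Returns "earlytalker" if bytes arrived before the greeting was sent,
    "disconnected" if the peer hung up while waiting, otherwise "ok".
    """
    readable, _, _ = select.select([conn], [], [], wait)
    if not readable:
        conn.sendall(GREETING)  # peer stayed quiet, as SMTP requires
        return "ok"
    # Readable before we said anything: either early data or EOF.
    early = conn.recv(512, socket.MSG_PEEK)
    if not early:
        return "disconnected"
    conn.sendall(REJECT)
    return "earlytalker"


def simulate(client_sends_first, wait=0.2):
    """Run greet() against an in-process peer (constructed test traffic)."""
    server, client = socket.socketpair()
    try:
        if client_sends_first:
            # Constructed: commands pushed out without reading the banner.
            client.sendall(b"HELO sender.example.test\r\n"
                           b"MAIL FROM:<a@example.test>\r\n")
        verdict = greet(server, wait)
        return verdict, client.recv(512)
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    print(simulate(client_sends_first=False))
    print(simulate(client_sends_first=True))
```

The check only applies before the greeting, so a client that pipelines after negotiating the extension is never affected by it.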


This page contains a single entry by Ask Bjørn Hansen published on August 23, 2003 9:42 AM.
