MailScanner notifies recipients even with Sender Notify off

Matt Kettler mkettler at EVI-INC.COM
Fri Oct 15 18:07:20 IST 2004 

<x-flowed>
At 12:35 PM 10/15/2004, A. Sajjad Zaidi wrote:
>It's understandable if it goes to the sender when 'Notify Senders' is
>on, which it does, but it doesn't make sense to notify the recipient as
>well. The notice gets sent regardless of what 'Notify Senders' or the
>other notification settings are set to.

Why does it not make sense to notify the Recipient? At least then the
recipient has a chance to review if it's really something they expected.
Besides, there may be valuable parts of the message that MS did not quarantine.

Look at the Silent Viruses option in mailscanner.conf if you want to
silence all notices. You'll also need to turn off "Still Deliver Silent
Viruses".

Quite frankly, it *ONLY* makes sense to notify the Recipient if you suspect
a virus, as the sender is likely a forgery.

IMHO it is actually a malicious misconfiguration of a server to even try to
notify the sender with a post-delivery return unless you have reason to
believe it's not forged. As a matter of policy I outright blacklist SMTP
servers sending more than 2 broken virus notices in the same week to my
network. Some viruses don't forge, and for those few, it's fine, but if I
get 3 notices claiming mkettxxx at evi-inc.com sent you a netsky virus, a
notice is sent to postmaster and the server gets blacklisted. I tend to
remove those blacklists when they become quiet with no messages from the
server for at least 1 month.

I handle broken list-post bounces, and broken vacation rules the same way,
although I clear vacation blockades after 2 weeks.

It's a harsh policy, but I need to protect my network from risk of being
flooded with thousands of broken virus notices from one of these servers.
Broken notices are as bad as spam, if not worse, and they waste resources
here on my network.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

More information about the MailScanner mailing list