MailScanner notifies recipients even with Sender Notify off

A. Sajjad Zaidi sajjad at IINIX.COM
Sat Oct 16 08:17:15 IST 2004 

Hi,

On Fri, Oct 15, 2004 at 01:07:20PM -0400, Matt Kettler wrote:
>
> Why does it not make sense to notify the Recipient? At least then the
> recipient has a chance to review if it's really something they expected.
> Besides, there may be valuable parts of the message that MS did not
> quarantine.

True, but a lot of people get annoyed by it. When it isn't annoying, it
confuses them and we have to waste time explaining why they received the
message.

> Look at the Silent Viruses option in mailscanner.conf if you want to
> silence all notices. You'll also need to turn off "Still Deliver Silent
> Viruses".

This is what I currently have:

Silent Viruses = HTML-IFrame All-Viruses
Still Deliver Silent Viruses = no

Should I also add the other options for "Silent Viruses" (i.e.
HTML-Codebase, HTML-Script, HTML-Form)?

> Quite frankly, it *ONLY* makes sense to notify the Recipient if you suspect
> a virus, as the sender is likely a forgery.

Well if the sender is likely a forgery, the message is probably also
useless to the recipient. I think it makes sense to notify either party
if the virus isn't one that forges addresses. If it is, then no notice
should be sent to anyone.

> IMHO it is actually a malicious misconfiguration of a server to even try to
> notify the sender with a post-delivery return unless you have reason to
>
<snip>
>
> It's a harsh policy, but I need to protect my network from risk of being
> flooded with thousands of broken virus notices from one of these servers.
> Broken notices are as bad as spam, if not worse, and they waste resources
> here on my network.

Agreed. And it's a lot less harsh than permanently blocking the
offending network/ip/domain.

--
A. Sajjad Zaidi                      http://www.sajjadzaidi.com/
GnuPG Key ID: 0xD7AD0E13

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

More information about the MailScanner mailing list