On Thursday 16 December 2004 20:09, JoeHill wrote: > > Ideally what I want to do is to get my server to just say "Bog off" > > when the delivery attempt is made. > > Well, AFAIK, the only way to do that is with a bounce, and there's the rub.
Actually, not necessarily. In Postfix, if you setup to reject the message you basically send a reject code 554 which tells the originating server that the mail is rejected. It does NOT bounce to the FROM address, it actually drops the mail at the connecting server. So, if this is a virus propagating machine, it is the one receiving the bounce, not the spoofed address. If you are using fetchmail or the like and pulling mail from a server, you are indeed unable to drop the connection machine, however, most mail servers that relay are set to simply drop mail when they receive a 554 reject code, so no bounce message is ever sent, the mail just drops. Of course, some might actually try to send a reject to the From address assuming that is the originator, but with all the mail viruses today, most mail servers don't bother. However, for viruses, it is impossible to issue a 554 on connect because the only way to know it is a virus is to download the body and by the time you get all of the mail, it is simply too late to reject it. So, the only choice is to drop it yourself unless you want to go to the trouble of manually bouncing the mail to the From which would be pointless. > Something to check out: > > http://agriroot.aua.gr/~nikant/nkvir/ > > Just add it to your .procmailrc, follow the instructions to make sure it's > config'd properly, and you can /dev/null them if you want (though it's not > recommended). I've been using this recipe for over a year and only had one > false positive. Also, you could install and run Amavis, amavis-new, etc. along with clamav which has Mandrake RPM's available. That will provide virus detection and filtering and gives you the option of disregarding all notification and dumping viruses or you can collect them and impress your friends. I have 8 different ones now, including 4 variations on the same virus. I am competing against my friend that runs Windows, but I am starting to doubt that I will ever catch up. I guess Windows really is just better at some things than Linux. ;-} -- Bryan Phinney
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
