On 3/26/2015 6:20 AM, Reindl Harald wrote:

and everybody acting that way for mails which are not only his own should refrain from maintaining a mailserver because he is playing lottery with other people's communication

You are inherently entitled to your opinion but we will have to agree to disagree because I believe the exact opposite that if you are not capable of knowing the cases to properly silently discard email then you have no business running a mailserver because you'll do more harm than good to the overall ecosystem. At a very minimum, you should fully understand the impact of backscatter as well as the extremely viable vector for spamming/spreading malware through the use of forged headers to relay payloads through NDRs/DSNs.

While this behavior was helpful to identify compromised machines perhaps a decade ago, the techniques have long since switched to malicious behavior.

Your decision and advocacy for others to follow this path makes you a complicit bystander to how the bad guys work. And I can present facts, RFCs, best practices, logs, legal analysis, experts on the matter, etc. All you've stated is some amorphous laws (unquoted) based apparently in a country where I don't live.

Additionally, you will not convince me to change with a stance akin to politicians being infallible and that the law shouldn't be changed. If you live in a place with such a law, you should lobby to improve the law.

I live in Virginia in the US and on the face, you might say, OMG, KAM is breaking the law https://leg1.state.va.us/cgi-bin/legp504.exe?000+cod+18.2-152.4 for Computer Trespass. However you will notice the clause at the top that requires "malicious intent". My intent is not malicious. My intent is to protect the public at large.

If you run a mail server that is sending DSNs/NDRs for everything, you might want to at least start and consider how you handle forged and malicious emails. My strong recommendation is that you consider silent discard of items that have extremely low FPs as a start such as items identified as having a malicious payload by ClamAV with default rules.

I also suggest you read http://www.pccc.com/base.cgim?template=sage_code_of_ethics I call it the IT ten commandments and believe strongly that if you follow it in your work, you will find yourself rising to the upper echelon of IT admins.

regards,
KAM
