North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Clueless anti-virus products/vendors (was Re: Sober)

  • From: Todd Vierling
  • Date: Tue Dec 06 11:59:21 2005

On Mon, 5 Dec 2005, Douglas Otis wrote:

> A less than elegant solution as an alternative to deleting the message, is
> to hold the data phase pending the scan.

Contrary to your vision of this option, it is not only elegant; it happens
to be the *correct* thing to do.

Dropping the message on the floor is arguably stretching the bounds of
RFC2821.  If a message is going to be dropped because of a policy (such as a
worm/virus flag), you really should be rejecting after DATA with a RFC1893
5.7.x extended result code.

> Another solution would be not returning message content within a DSN.

If you're still sending to a forged address, how is this not still UBE...?

-- Todd Vierling <[email protected]> <[email protected]> <[email protected]>