how to enable notification to the virus sender user

Thu Apr 21 09:22:53 CEST 2011

Marco Fretz schrieb am Thursday, den 21. April 2011:

> 
> On Apr 19, 2011, at 9:26 AM, Alexander Wirt wrote:
> 
> > Marco Fretz schrieb am Tuesday, den 19. April 2011:
> > 
> >> 
> >> On Apr 1, 2011, at 5:53 PM, Mark Martinec wrote:
> >> 
> >>> Kshitij,
> >>> 
> >>>> Hello everybody from this i know very well what i am doing rather than
> >>>> guiding me for experience.
> >>>> 
> >>>> Please any can tell be the copnfiguration for amavisd-new to enable
> >>>> virussendernotification .
> >>> 
> >>> $final_virus_destiny  = D_BOUNCE;
> >>> @viruses_that_fake_sender_maps = ();
> >>> 
> >>> But ... don't do that!
> >>> 
> >>> The only sensible way to warn a potentially valid sender of
> >>> infected mail is to use a pre-queue setup and to D_REJECT viruses,
> >>> *not* to bounce them.
> >> 
> >> btw. That is the best way to handle virus and spam mails! Reject in smtp-dialoge with sending mailserver. That way the sending mailserver will create the bound back to the original sender (if there is one) and not you, you won't have any problems with getting blacklisted and you don't have to handle the junk mails.
> > That is indeed the best way to get unsubscribed from mailinglists as this
> > behaviour triggers bounce handling. Unless you are able to discard mails of
> > severity junk or lists - don't do this. 
> 
> I never thought about that. It's an interesting point: The question is why should a mailing list forward spam to its members when my spamassassin can reject them with a clear score above 6.31 (the best proven reject level for SA). and if the blacklist does forward such spam (thus is not using content filtering) why should I as a mail provider care? even for a workaround our users are able to whitelist senders via a Web user interface for their accounts, domains, etc. 
we are running a listserver for ~200k users in several languages. It is
impossible to have spamfilters that get every spam without false positives.
As a public service we usually are not able to do spamfiltering as hard a
user would do it for its private mail. 

> You should really read "Das Postfix Buch" by "Peer Heinlein" if you haven't yet. He makes a really good point about spamhandling, false-positives and lawful background. 
I usually don't follow his points. 

> As I said, we haven't had any problems so far. If more and more providers and enterprises start using this spam handling strategy (what's currently happening) the mailinglists will have to think again about their bound handling and spam filtering solution. 
Ehm, please read the relevant SMTP RFCs. Its not really possible to
differate a bounce if a user don't exists from a spam reject. (Yeah you could
start parsing dsn's but this is not really an option). 

> another question you could ask yourself: why should I fight with my customers about false-positves laying around in their junk-boxes? why not let the sender fight with his provider why his mail was marked as spam somewhere in the world? 
If you subscribe to a mailinglist accept the mail - or don't subscribe. If
you discard it afterwards I/we don't care. 

Alex