[vox-tech] the answer to all my virus problems
vox-tech@lists.lugod.org
Sun, 21 Sep 2003 06:28:18 -0700
On Sun 21 Sep 03, 1:57 AM, Ken Bloom <kabloom@ucdavis.edu> said:
>
> On 2003.09.20 22:10, p@dirac.org wrote:
> >On Sat 20 Sep 03, 9:20 PM, Ken Bloom <kabloom@ucdavis.edu> said:
> [Snip older quotings]
> >> Umm, please consider the golden rule when sending reject messages.
> >> Do not unto others as you would not want done unto you.
> >> This can go two ways though because you might not want your legit
> >> messages silently dropped. You be the judge.
> >
> >umm, there must be some kind of confusion here.
> >
> >these messages aren't silently dropped. they're rejected. there's a
> >big difference...
> >
> >that's why they're called "reject messages". :-)
> >
> >pete
>
> I'll clarify. Do not unto others as you would not want done unto you.
> There are two situations I specifically had in mind here. I only wrote
> one out and it was kind of confusing, so I apologize for that.
>
> (a) Supposing a Klez-like virus got dropped by this filter: you would
> send out a rejection message to the wrong sender - and I know you've
> all been trying to rig your mailers to ignore these rejection messages
> (Bill Kendrick mentioned wanting to do this earlier in the thread).
> Hence, do not unto others as you would not want done unto you.

ken, stop. you're confused.

you should google/RTFM for the definitions of "email" and "reject
message". they're not the same thing.

> I thought (a) was fairly obvious, but I guess not.

there's very little in this universe that's obvious. if anything is
obvious to you, you're not thinking about it in great enough detail.
i just made that up. pretty cool, eh?

> (b) Supposing you decided to spare others from being falsely accused of
> sending viruses. You would decide then to silently drop all incoming
> exe attachments. Supposing one of your messages to someone else were to
> match the pattern. I assume because you all use Linux that that message
> would have some useful content in it, not spam and not (heaven forbid)
> a virus. You would not want that message silently dropped because it
> has useful information in it. Hence, you need to consider in this case
> also: do not unto others as you would not want done unto you.
>
> I think silently dropping .exe messages is probably a better solution,
> because false positives for .exe messages are going to be extremely
> rare (especially since you use Linux), but sending reject messages to
> innocent parties will happen fairly frequently.
>
> (Unless I'm misunderstanding how our mail system sends reject messages)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
BINGO! we have a winner! here, i have an idea, ken. look at this:

[1]
p@satan$ telnet mailin-04.mx.aol.com 25
Trying 152.163.224.122...
Connected to zd.mx.aol.com.
Escape character is '^]'.
554- (RTR:BB) The IP address you are using to connect to AOL is a
554- dynamic (residential) IP address. AOL will not accept future
554- e-mail transactions from this IP address until your ISP removes
554- this IP address from its list of dynamic (residential) IP
554- addresses. For additional information, please visit
554- http://postmaster.info.aol.com.
Connection closed by foreign host.

compare it with this:

[2]
p@satan$ telnet mailin-04.mx.aol.com 25
Trying 152.163.224.122...
Connected to zd.mx.aol.com.
Escape character is '^]'.
helo dude
Hello, dude. Pleased to meet you. You can type "help" for help.
mail from: Ken Bloom <kabloom@ucdavis.edu>
rcpt to: unsuspecting_user@aol.com
data
From: General Abad Allaboobaa (ret) <spam@spam.spam>
To: The friendly public
Subject: BUSINESS PROPOSAL
You've heard it all before. Just fork over your money. mmkay?
.

[2] constitutes an email. spam, in fact. but look what happened. AOL
didn't give me a chance to send the email. it closed the doors ([1])
before i even got the chance. one of these sessions constitutes email.
the other doesn't.

before replying to this email, please do some googling. once you get
the facts down straight, i'd be happy to continue this thread.

pete

ps- something occurred to me. you're prolly confusing the terms "bounce
message" and "reject message".
--
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
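
Added example, not part of the original message: a small parser that reads the server side of an SMTP session and reports whether the attempt was refused inside the session (a reject, as in [1]) or accepted, in which case any later failure notice has to be a separate bounce e-mail. The function names, the ACCEPTED and FILTERED sessions and the host mx.example.net are constructed for illustration.

```python
import re

STAGES = ["connect", "helo", "mail from", "rcpt to", "data", "end of data"]
REPLY = re.compile(r"^(\d{3})([ -])(.*)$")

# Server lines of session [1] from the message above (first two lines only).
SESSION_1 = [
    "554- (RTR:BB) The IP address you are using to connect to AOL is a",
    "554- dynamic (residential) IP address. AOL will not accept future",
]
# Constructed sessions; mx.example.net is a placeholder host.
PREFIX = ["220 mx.example.net ESMTP", "250 mx.example.net", "250 2.1.0 Ok",
          "250 2.1.5 Ok", "354 End data with <CR><LF>.<CR><LF>"]
ACCEPTED = PREFIX + ["250 2.0.0 Ok: queued"]
FILTERED = PREFIX + ["554 5.7.1 executable attachment refused"]

def parse_replies(lines):
    """Group server lines into (code, text) replies; 'NNN-' continues a reply."""
    replies, buf, code = [], [], None
    for line in lines:
        m = REPLY.match(line)
        if not m:
            continue                  # not a server reply line
        code = int(m.group(1))
        buf.append(m.group(3).strip())
        if m.group(2) == " ":         # 'NNN ' is the last line of a reply
            replies.append((code, " ".join(buf)))
            buf = []
    if buf:                           # connection closed mid-reply, as in [1]
        replies.append((code, " ".join(buf)))
    return replies

def classify(lines):
    """Return (outcome, stage, code) for one delivery attempt."""
    replies = parse_replies(lines)
    for stage, (code, _) in zip(STAGES, replies):
        if code >= 400:
            # Refused inside the session: the receiver generates no e-mail,
            # only the connecting client sees this reply.
            return ("rejected", stage, code)
    if len(replies) == len(STAGES):
        # The final 2xx means the receiver took the message. A failure
        # notice after this point is a new e-mail to the envelope sender.
        return ("accepted", STAGES[-1], replies[-1][0])
    return ("incomplete", STAGES[len(replies) - 1] if replies else None, None)

if __name__ == "__main__":
    for name in ("SESSION_1", "ACCEPTED", "FILTERED"):
        print(name, classify(globals()[name]))
```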