[Mailman-Users] Re: Sobig forces unsubscribes

Will Yardley william+mm at hq.newdream.net
Wed Sep 3 01:34:28 CEST 2003


On Tue, Sep 02, 2003 at 07:04:19PM -0400, Rob Carlson wrote:

> My list owners are getting Sobig files bounced to them through the
> administrative addresses.  One of their ISPs has decided to reject
> those relayed messages with a 550 User Unknown because they contain
> Sobig.  The mailman-owner gets this bounce back and kicks them off
> all the lists.

If either is an option, reject (or discard) the incoming viruses in
the first place, or else strip incoming messages to the list-owner
using demime or something similar. Don't know if it's entirely
appropriate to demime messages to the list-owner, however. I certainly
wish Yahoo Groups would do this - we've seen a number of customers
write in because they're getting unsubbed from Yahoo groups for this
reason.

We've had several users with problems like this; the problem is that
it's obviously a bad idea to let our users get Sobig viruses (#1, the
sheer volume of messages is really annoying, and #2, I would like
to avoid having users get infected). However, I think it's a good
overall policy to reject any message that's not delivered - with any
sort of filter based on content, you're running a risk of rejecting
legitimate messages, so it's important that the sender realize the
message wasn't delivered. Since the virus sends direct-to-MX, the case
of messages going through a MLM is one of the only cases where you'd
likely experience problems like this.

> She's asked her admins to change it to a 554 Service Unavailable
> bounce, but I'm not even sure that will make a difference if my
> machine keeps trying to send them.  Is there a simple way I haven't
> thought of to strip out the Sobig posts to the list owners?

While 554 or 553 would probably be slightly more appropriate, 550 simply
means "mailbox unavailable", and AFAICT, is appropriate to use when
rejecting a message for policy reasons (RFC 2821, while still just a
proposed standard, is a little clearer about this than 821).

Specifically:
(4.2.2)
      550 Requested action not taken: mailbox unavailable
         (e.g., mailbox not found, no access, or command rejected
         for policy reasons)

-- 
"Since when is skepticism un-American?
Dissent's not treason but they talk like it's the same..."
(Sleater-Kinney - "Combat Rock")
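
One way to do the demime-style stripping suggested above for mail addressed to the list-owner, written with Python's standard `email` package. This is an added example, not part of the original post and not demime's or Mailman's own code; the addresses, the attachment name and the function names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

KEEP_HEADERS = ("From", "To", "Subject", "Date", "Message-ID")

def strip_to_text(raw: bytes):
    """Rebuild a message from its inline text/plain parts only.

    Returns (cleaned EmailMessage, list describing each removed part).
    """
    msg = message_from_bytes(raw, policy=policy.default)
    kept, removed = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        # A text/plain part that has a filename is an attachment: drop it too.
        if part.get_content_type() == "text/plain" and not part.get_filename():
            kept.append(part.get_content())
        else:
            name = part.get_filename() or "unnamed"
            removed.append(f"{part.get_content_type()} ({name})")
    out = EmailMessage()
    for header in KEEP_HEADERS:
        if msg[header]:
            out[header] = str(msg[header])
    body = "\n".join(kept)
    if removed:
        # Tell the list owner that something was stripped, and what.
        body += "\n[removed: " + ", ".join(removed) + "]\n"
    out.set_content(body)
    return out, removed

def constructed_sample() -> bytes:
    """Constructed test message: a short text body plus a .pif attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "mylist-owner@example.com"
    m["Subject"] = "Re: Details"
    m.set_content("See the attached file for details\n")
    m.add_attachment(b"placeholder bytes, not a real binary",
                     maintype="application", subtype="octet-stream",
                     filename="details.pif")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, removed = strip_to_text(constructed_sample())
    print(removed)
    print(cleaned.as_string())
```

Because the relayed copy no longer carries the attachment, the owner's ISP has nothing to reject on content, so no bounce comes back to be counted against the subscriber.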
