Re: Virus scanning

Jim Higgins

Received from Mark Fletcher at 8/23/2018 05:09 AM UTC:

Ok, so new group option for dealing with spam: either moderate or reject, with reject being the default. Rejected messages will be logged in the activity log. If I reject a message, should it bounce back to the sender, or should I blackhole it?

Don't bounce! REJECT during the SMTP transaction if possible. And if not possible, then just blackhole it.

If a message in the archives is flagged as having a virus or phishing attack, should I put a banner on the page saying so? (and should I go back through the archives doing scans)?

For viruses I'd prefer deletion. Given a settable option I'd choose deletion and take the tiny chance it's a false positive rather than set myself up to second guess the scanner. Scans for phishing based on keywords in message bodies are less reliable so a banner might be the thing for that.

Yes on scanning existing files/images (binaries) for viruses. Not sure scanning archived message text would provide much added benefit, but if you have the CPU horsepower, it can't hurt.

The fact that many/most groups don't accept messages from non-subscribers acts as a natural prevention for a lot of this crap.

That and also some groups don't accept attachments... and are plain text only. I've NEVER seen spam or viruses - or even phishing attempts - in plain text email with no attachments.

I don't accept SMTP connections from IP addresses that don't have reverse DNS records. I use a few blocklists as well, for all connections to the site, not just email. I haven't done anything with SPF and DKIM data yet.

This is very good to know.

Jim H

