|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
|
Thread Tools |
24 Jan 2004, 04:35 AM | #1 |
Junior Member
Join Date: Jan 2004
Posts: 1
|
Virus scanner bounces messages back -- ARGH
Hello,
I was using the recommended virus scanner on e-mails. However, since a lot of e-mails containing viruses are malicious and from spoofed e-mail addresses, FastMail bounces the message back to the sender (which is a fake address), then THEIR server bounces the message back to ME, telling me that the user cannot be found on that domain. Is there any way to configure the virus scanner to scan messages, but not send an e-mail to the sender? Thanks in advance, Chris |
24 Jan 2004, 05:54 AM | #2 |
Ultimate Contributor
Join Date: Sep 2001
Location: Australia
Posts: 11,501
|
Our virus scanner does not inform the sender any more, AFAIK. Are you 100% sure it is a FastMail.FM notification that is bouncing around?
|
24 Jan 2004, 09:33 AM | #3 |
Junior Member
Join Date: Nov 2003
Posts: 7
|
My wife recieved a email containing the new "Bagle" virus last night on her Yahoo account and I got her to forward it to my Fastmail acct. Fastmail caught it and rejected it and never sent my wife a email about the rejection.
|
26 Jan 2004, 09:31 AM | #4 |
Junior Member
Join Date: Jun 2003
Posts: 9
|
I have a similar problem: Can it be set so that the host simply silently drops virus messages, without rejecting them with a 550 error? This is causing problems with several mailing lists (some Yahoo groups as well).
Thanks |
26 Jan 2004, 10:20 AM | #5 |
Intergalactic Postmaster
Join Date: Oct 2001
Location: Melbourne, Australia
Posts: 6,102
Representative of:
Fastmail.FM |
The virus scanner does silently drop messages. It does NOT return a 5xx code.
Rob |
26 Jan 2004, 05:43 PM | #6 |
Junior Member
Join Date: Jun 2003
Posts: 9
|
I didn't confirm it directly, but this is what the logs of Yahoo Groups claim:
Remote host said: 550 Error: Common virus payload files .pif and .scr blocked (eg. W32/Sobig). To send this file, please zip it first It appeared to me that this is what the fastmail.fm SMTP server is saying, since this log is for one of my fastmail addresses. I could be wrong, though - and Yahoo could be wrong too, wouldn't be the first time. Can you shed some light on this maybe? |
28 Jan 2004, 01:36 AM | #7 |
Member
Join Date: Jan 2003
Location: Reading, UK
Posts: 91
|
That's not the scanner, it's a rule. See http://www.emaildiscussions.com/...threadid=15204.
|
28 Jan 2004, 04:11 AM | #8 |
Junior Member
Join Date: Jun 2003
Posts: 9
|
Ah, I see. Thanks, that at least locates the problem. Though the question remains - can this be blocked silently?
Thanks Calle |
28 Jan 2004, 04:14 AM | #9 |
Cornerstone of the Community
Join Date: Sep 2002
Location: SF, CA
Posts: 700
|
Sure - just change the rule to discard instead of reject.
|
28 Jan 2004, 04:25 AM | #10 |
Junior Member
Join Date: Jun 2003
Posts: 9
|
I hope I'm not overlooking something simple now... but where exactly do I set this rule? I looked at the Define Rules and Antivirus pages in the options, but I have no such option anywhere. Sure, I can make my own rules silent, but the executable-blocking rule isn't there. And reading the thread you mentioned it seems to me that this is a system-wide rule. Or am I getting this wrong?
Thanks Calle |
28 Jan 2004, 06:06 AM | #11 |
Member
Join Date: Jan 2003
Location: Reading, UK
Posts: 91
|
You don't, it's a systemwide rule, not user-configurable. I guess we need another contribution from the FM guys here.
|
28 Jan 2004, 07:06 AM | #12 | |||
Essential Contributor
Join Date: Jan 2002
Location: Zurich, Switzerland
Posts: 350
|
Quote:
Quote:
Quote:
Jan |
|||
28 Jan 2004, 07:14 AM | #13 |
The "e" in e-mail
Join Date: Apr 2003
Location: USA
Posts: 2,978
|
It's a delicate issue... FM's smtp reject rules naturally occur before the antivirus checking (thus preempting it). In most cases something should be caught by the antivirus (thus dropped silently) if there's no smtp rule. But the smtp rules do reduce the chances of something slipping past altogether, and reduce unnecessary load on the servers/pipeline I guess...
|
28 Jan 2004, 01:30 PM | #14 |
Junior Member
Join Date: Mar 2002
Location: Canberra, Australia
Posts: 27
|
Bounces still happen
We have just rejected a message to you from {...} because it tested as positive to a virus
using Kaspersky Anti-virus (http://www.kaspersky.com). If you do not wish to use anti-virus protection, log into your account, click Preferences, and uncheck 'Virus Protection'. The virus scanner output was: ---- >From {...}][Date Wed, 28 Jan 2004 12:56:10 +0800]/message.zip/message.htm .scr Infected by virus: I-Worm.Novarg I've been getting so many of these that I've made a filter rule in Mozilla Mail (which I now use because FastCheck has stopped working, but that's a whole 'nother thread), but I agree with the thread on Slashdot at the moment, that virus detectors shouldn't be spamming the "From" addresses. Is that what's happening, or is it something else? |
28 Jan 2004, 06:31 PM | #15 | |
Member
Join Date: Jan 2003
Location: Reading, UK
Posts: 91
|
Re: Bounces still happen
Quote:
There are 2 rather different cases here : 1. Message triggers SMTP block. SMTP session terminates with 5xx to sending server, possibly before the body is sent. Session information is discarded. RCPT address is NOT notified - indeed, depending on the block, FM may not even know what it is. 2. SMTP session terminated 2xx OK. Message then tests virus-positive. RCPT address is notified (as above), message is discarded by FM. Sender is NOT notified. That said, I know it's a tricky call, but the volume of complaints seems to show that SMTP blocks are generating an unacceptably large number of false positives. Last edited by mwild : 28 Jan 2004 at 06:36 PM. |
|