[Mailman-Users] Re: Sobig forces unsubscribes

[Will Yardley]

On Tue, Sep 02, 2003 at 08:05:51PM -0400, Rob Carlson wrote:
> On Tuesday, Sep 2, 2003, at 19:59 US/Eastern, Tokio Kikuchi wrote:
 
> > > My list owners are getting Sobig files bounced to them through the 
> > > administrative addresses.  One of their ISPs has decided to reject 
> > > those relayed messages with a 550 User Unknown because they contain 
> > > Sobig.  The mailman-owner gets this bounce back and kicks them off 
> > > all the lists.  She's asked her admins to change it to a 554 Service 
> > > Unavailable

> > Ask him to silently discard them (>/dev/null) because the bounce
> > address is also a victim.
 
> Yes, but it is doing a 550 in its conversation with the server (in this 
> case a Sobig instance) so for actual Sobig connections, the message 
> would be silently discarded by both the Sobig instance and their mail 
> server without annoying the owner of the forged address.

Exactly.

> Not a bad way to do things overall, I just need to get around it
> somehow.

One option would be to disable auto-bounce detection until Sobig expires
and / or increase the threshold of bounces required to remove an address
(it would be nice if an individual address could be exempted without
disabling this feature entirely, but this isn't currently an option).

Does filtering attachments with a particular content type (under
Content Filtering) affect messages sent to the list-owner, or only
messages sent to the list itself? What about Spam filters (under Privacy
Options -> Spam filters) - if you autodelete messages which appear to be
Sobig, is the original message forwarded to the owner, or only a summary
indicating that a message was deleted (my recollection is that it's the
latter).

-- 
"Since when is skepticism un-American?
Dissent's not treason but they talk like it's the same..."
(Sleater-Kinney - "Combat Rock")