[Mimedefang] Was the patch supposed to catch this?

Michael D. Sofka sofkam at rpi.edu
Fri Apr 26 15:21:07 EDT 2002


A message was sent from an AOL machine to an alias at RPI. The sender was to be from another alias at rpi.edu. The message was rejected because it contained Klez. So far, so good.

Then, the AOL mailer sent the rejection notice to the forged sender, and it passed inspection. Here is the message, minus the virus. It looks like the kind of rfc822 message the MIME::Tools patch is supposed to catch. I am running the patch, with MIMEDefang 2.3.

Note, this was about 1 1/2 hours after I installed the MIME::Tools patch. It is possible, but unlikely, that there was still an old running mimedefang.pl at that time. There isn't now.

Mike

Here are the message headers:

From security-owner Fri Apr 26 14:27:56 2002
X-UIDL: 21c6f2605944a39112f48c8687939b21
Return-Path:
Received: from rly-ip02.mx.aol.com (rly-ip02.mx.aol.com [152.163.225.160])
    by mail.rpi.edu (8.12.1/8.12.1) with ESMTP id g3QIPXp9533744
    for ; Fri, 26 Apr 2002 14:27:21 -0400
Received: from localhost (localhost)
    by rly-ip02.mx.aol.com (8.8.8/8.8.8/AOL-5.0.0) with internal id OAB23409;
    Fri, 26 Apr 2002 14:27:20 -0400 (EDT)
Date: Fri, 26 Apr 2002 14:27:20 -0400 (EDT)
From: Mail Delivery Subsystem
Message-Id:
To:
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
    boundary="OAB23409.1019845640/rly-ip02.mx.aol.com"
Subject: Returned mail: Service unavailable
Auto-Submitted: auto-generated (failure)
X-Scanned-By: MIMEDefang 2.3 (www dot roaringpenguin dot com slash mimedefang)
Status: RO

This is a MIME-encapsulated message

--OAB23409.1019845640/rly-ip02.mx.aol.com

The original message was received at Fri, 26 Apr 2002 13:41:04 -0400 (EDT)
from logs-tp.proxy.aol.com [152.163.204.135]

*** ATTENTION ***

Your e-mail is being returned to you because there was a problem with its
delivery. The address which was undeliverable is listed in the section
labeled: "----- The following addresses had permanent fatal errors -----".

The reason your mail is being returned to you is listed in the section
labeled: "----- Transcript of Session Follows -----".

The line beginning with "

----- Transcript of session follows -----
... while talking to mail.rpi.edu.:
>>> DATA
... Service unavailable

--OAB23409.1019845640/rly-ip02.mx.aol.com
Content-Type: message/delivery-status

Reporting-MTA: dns; rly-ip02.mx.aol.com
Arrival-Date: Fri, 26 Apr 2002 13:41:04 -0400 (EDT)

Final-Recipient: RFC822; alumni at rpi.edu
Action: failed
Status: 5.0.0
Remote-MTA: DNS; mail.rpi.edu
Diagnostic-Code: SMTP; 554 5.7.1 attachment 1072212[1].scr contains a virus
Last-Attempt-Date: Fri, 26 Apr 2002 14:27:18 -0400 (EDT)

--OAB23409.1019845640/rly-ip02.mx.aol.com
Content-Type: message/rfc822

Return-Path:
Received: from logs-tp.proxy.aol.com (logs-tp.proxy.aol.com [152.163.204.135])
    by rly-ip02.mx.aol.com (8.8.8/8.8.8/AOL-5.0.0) with ESMTP id NAA24363
    for ; Fri, 26 Apr 2002 13:41:04 -0400 (EDT)
Received: from Ivbr (AC9910DC.ipt.aol.com [172.153.16.220])
    by logs-tp.proxy.aol.com (8.10.0/8.10.0) with SMTP id g3QDAUe96879
    for ; Fri, 26 Apr 2002 09:10:30 -0400 (EDT)
Date: Fri, 26 Apr 2002 09:10:30 -0400 (EDT)
Message-Id:
From: postmaster
To: alumni at rpi.edu
Subject: Returned mail--"language"
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary=Z7PS8Z6C9D8v6Q7nxCW7c90a7YL3ksSH12e
X-Apparently-From: BlueFalls at aol.com

--Z7PS8Z6C9D8v6Q7nxCW7c90a7YL3ksSH12e
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

The following mail can't be sent to security at rpi.edu:

From: alumni at rpi.edu
To: security at rpi.edu
Subject: language
The file is the original mail

--Z7PS8Z6C9D8v6Q7nxCW7c90a7YL3ksSH12e
Content-Type: application/octet-stream; name=1072212[1].scr
Content-Transfer-Encoding: base64
Content-ID:

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

--Z7PS8Z6C9D8v6Q7nxCW7c90a7YL3ksSH12e--

--OAB23409.1019845640/rly-ip02.mx.aol.com--
--
Michael Sofka                          sofkam at rpi.edu
CCT Sr. Systems Programmer  email, webmail, listproc, TeX, epistemology.
Rensselaer Polytechnic Institute, Troy, NY.    http://www.rpi.edu/~sofkam/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.mimedefang.org/pipermail/mimedefang_lists.mimedefang.org/attachments/20020426/d5732fd1/attachment.html>
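
As an added illustration (not part of the original post, and not MIMEDefang or MIME::Tools code), this Python script contrasts a filename check that looks only at the top-level parts of a bounce with one that recurses into message/rfc822 and message/delivery-status containers, run on a constructed sample modelled on the message above. The extension list, the function names and the example.* addresses are assumptions.

```python
import email

BAD_EXT = (".scr", ".pif", ".exe", ".bat", ".com")  # assumed blocklist

def shallow_names(msg):
    """Filenames on the outer message's direct children only."""
    kids = msg.get_payload() if msg.is_multipart() else []
    return [k.get_filename() for k in kids if k.get_filename()]

def deep_scan(msg, path="1"):
    """Recurse through every container; return (path, type, name) hits."""
    hits = []
    name = msg.get_filename()  # Content-Disposition filename, else Content-Type name
    if name and name.lower().endswith(BAD_EXT):
        hits.append((path, msg.get_content_type(), name))
    if msg.is_multipart():  # true for message/rfc822 too: payload is [inner message]
        for i, child in enumerate(msg.get_payload(), 1):
            hits += deep_scan(child, f"{path}.{i}")
    return hits

def scan(raw):
    msg = email.message_from_bytes(raw)
    return shallow_names(msg), deep_scan(msg)

# Constructed sample modelled on the bounce above; the "attachment" is plain text.
SAMPLE = b"""\
From: Mail Delivery Subsystem <mailer-daemon@mta.example>
Content-Type: multipart/report; report-type=delivery-status; boundary="OUTER"

--OUTER
Content-Type: message/delivery-status

Final-Recipient: RFC822; alias@example.edu

--OUTER
Content-Type: message/rfc822

From: postmaster <postmaster@example.edu>
Content-Type: multipart/mixed; boundary=INNER

--INNER
Content-Type: application/octet-stream; name="1072212[1].scr"

harmless placeholder bytes
--INNER--
--OUTER--
"""

if __name__ == "__main__":
    print(scan(SAMPLE))
```

The dotted path in each hit shows how many containers sit between the outer report and the flagged part, which is the nesting a filter has to descend through to see the filename.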

