[Mimedefang] Re: calling action_bounce() for viruses

Stas Ukolov tigrus at pisem.net
Wed Oct 1 23:11:02 EDT 2003


Hi, Kenneth!

You wrote:

>> Second one means server accepted message, then determined it is 'bad' in
>> some sense and sent warning to address of 'sender' - real or forged -
>> which was in mail _header_.

KP> Not header, but envelope.

Well, you're right. Most DSNs are sent to envelope sender address.
Okay. But some (most!) hand-written warnings about virus in fact use
header sender address.

I think this doesn't matter however. Virus forges both header and
envelope sender address. Real person's MUA sets both correctly. For
modern virii (e.g. Sobig) one should use neither envelope nor
header sender address for DSN. No DSN about virii! Never!!!

Then you wrote:

KP> Or it came through the mail server of the infected user's ISP, and that server
KP> does no checking of outbound mail.

KP> Or it came through an inbound gateway that doesn't check for a valid user
KP> before passing it to an internal server. (As a rule, all servers for a domain
KP> should have the same rejection rules to avoid this issue.)

You're right again! I believe the two cases you mentioned are
misconfigurations of the mail server involved. And we should immediately
contact its administrator so that he fixes the server configuration. If
not, that server will soon be listed in many RBLs as a spam/virus
sender.

WBR
 Stas                          mailto:tigrus at pisem.net



