[Mimedefang] Accuracy of infected IP in mdlog

Kevin A. McGrail kmcgrail at pccc.com
Fri May 14 09:11:41 EDT 2004


Jerome,

Sendmail, for right or for wrong, and the infrastructure of the internet
mailing systems is based on a system of culpability.  Imagine an email as a
baton passed from one runner to the next.

All your server can verify (and all you really *need* to know) is the last
server that just passed the information on to you.  Everything else is open
to interpretation/forgery/etc.

It's noble of you to care about what machine might actually be infected but
you would have to assume that ALL the received lines including the previous
server were infected because no assumption concerning where the virus
originated would be correct without more information from all the runners in
the relay.

Anyway, you are barking up the wrong tree thinking MIMEDefang can solve this
problem.  The most you can do is edit your filter to parse the HEADERS file
and add all the previous relays to the list of possible infections along
with the most recent relay in $RelayAddr.  The point I would make is: so
what?  Now you have this information, what do you do with it?  You certainly
do not try and contact anyone about it unless you are responsible for a
large network or you have more spare time than God.

Regards,
KAM

> hu ?
>
> how do you know about the originating IP address then??
>
> I understand that it's surely possible to add received lines
> to make believe the sender is someone else, but there's surely
> a way to analyze the sanity of received lines, this may be a good thing.
>
> what about giving us the choice of what we want to believe?
>
> using the last received as the good one is not the best at all.
>
> I prefer seeing "xx.yy.zz.cc" is infected rather than 127.0.0.1...
>
> but that's my point of course
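The approach KAM describes above, parsing the Received lines in the HEADERS file and treating every earlier relay as a possible source alongside $RelayAddr, shown as an added example that is not code from the original post or from MIMEDefang. It assumes the HEADERS file is an RFC 822 header block (folded continuation lines are handled either way), that Sendmail writes the sending host's address in square brackets as `(name [192.0.2.10])`, and that the caller passes in the value of $RelayAddr. Only the topmost Received line was written by your own MTA and can be checked against $RelayAddr; every line below it is just what the previous runner claims, so the code labels them "unverified" rather than trusting any of them. The sample headers are constructed with documentation addresses.

```python
import re
from email.parser import HeaderParser
from ipaddress import ip_address

# Sendmail-style bracketed source address: "from host (name [192.0.2.10])".
# The optional "IPv6:" prefix covers "[IPv6:2001:db8::1]" as well.
_BRACKET_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")

# Constructed sample of a MIMEDefang HEADERS file (hypothetical hosts, RFC 5737
# documentation addresses). Topmost Received: line was written by our own MTA.
SAMPLE_HEADERS = (
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    "\tby mx.example.org (8.12.11/8.12.11) with ESMTP id CONSTRUCTED01\n"
    "\tfor <user@example.org>; Fri, 14 May 2004 09:00:00 -0400\n"
    "Received: from relay.example.com ([198.51.100.7])\n"
    "\tby mail.example.net (8.12.11/8.12.11) with ESMTP id CONSTRUCTED02;\n"
    "\tFri, 14 May 2004 08:59:30 -0400\n"
    "Received: from localhost (localhost [127.0.0.1])\n"
    "\tby relay.example.com (8.12.11/8.12.11) with ESMTP id CONSTRUCTED03;\n"
    "\tFri, 14 May 2004 08:59:00 -0400\n"
    "From: someone@example.com\n"
    "Subject: constructed sample\n"
)


def received_hops(headers_text):
    """Return the claimed source address of each Received: line, most recent first.

    An entry is None when the line carries no parseable bracketed address.
    """
    msg = HeaderParser().parsestr(headers_text, headersonly=True)
    hops = []
    for value in msg.get_all("Received", []):
        # Only the text before "by" describes the sending host; split on
        # whitespace so folded "\n\tby ..." continuations are handled too.
        from_part = re.split(r"\s+by\s+", value, maxsplit=1)[0]
        match = _BRACKET_IP.search(from_part)
        if match is None:
            hops.append(None)
            continue
        try:
            hops.append(str(ip_address(match.group(1))))
        except ValueError:
            # Bracketed text that is not a valid address: treat as missing.
            hops.append(None)
    return hops


def classify_hops(headers_text, relay_addr):
    """Pair each hop with what we can actually say about it.

    Hop 0 is the only line our own MTA wrote, so it is "verified" when it
    matches relay_addr ($RelayAddr) and "mismatch" otherwise. Every earlier
    hop is "unverified": it is whatever the previous relay chose to write.
    """
    result = []
    for idx, ip in enumerate(received_hops(headers_text)):
        if idx == 0:
            status = "verified" if ip == relay_addr else "mismatch"
        else:
            status = "unverified"
        result.append({"hop": idx, "ip": ip, "status": status})
    return result


def candidate_sources(headers_text, relay_addr):
    """All addresses that might be the infected machine: $RelayAddr first,
    then each claimed earlier hop. Loopback entries are dropped because
    reporting 127.0.0.1 tells nobody anything. Order is preserved, no dupes."""
    seen = []
    for ip in [relay_addr] + [h["ip"] for h in classify_hops(headers_text, relay_addr)]:
        if ip is None or ip_address(ip).is_loopback or ip in seen:
            continue
        seen.append(ip)
    return seen


if __name__ == "__main__":
    for hop in classify_hops(SAMPLE_HEADERS, "192.0.2.10"):
        print(hop)
    print("possible sources:", candidate_sources(SAMPLE_HEADERS, "192.0.2.10"))
```

In a real filter you would call `classify_hops` from `filter_begin` with the contents of `./HEADERS` and `$RelayAddr`, and log the candidate list rather than act on it; a "mismatch" on hop 0 means the top Received line was not written by the MTA you expected and the file should be looked at before anything is trusted.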


