Linux virus or forged address?

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Mon Apr 12 22:15:25 UTC 2004 

Am Mo, den 12.04.2004 schrieb Rick Stevens um 22:24:

> >>-----Forwarded Message-----
> >>From: MAILER-DAEMON at admin.thenth.com
> >>To: jonrysh at pacbell.net
> >>Subject: failure notice
> >>Date: Mon, 12 Apr 2004 16:04:23 +0000
> >>
> >>Hi. This is the qmail-send program at admin.thenth.com.
                          ^^^^^^^^^^
> >>I'm afraid I wasn't able to deliver your message to the following addresses.
> >>This is a permanent error; I've given up. Sorry it didn't work out.

> > And what you see too is the bad behaviour of qmail as MTA: it first
                                                         ^^^^^^^^^^^^^^
> > accepts the whole mail and later produces a bounce mail, hitting you
> > though you never sent the original mail.

That was I speaking about: the behaviour of qmail - accepting each mail
and then maybe producing a bounce mail which then goes to someone who
never sent any mail to the domain qmail is acting for.

> Not necessarily.  There are a lot of ISPs that detect the virus/worm and
> bounce the whole message.  Incredibly stupid.  However, your MTA should
> virus scan on the fly and drop the connection if one is found.

Absolutey. Bouncing _after_ the message was accepted before or
notification mails about virus in mails is a bad MTA behaviour at
present times. Though it must be said, that some worms imitate MTA
notification mails.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2174.nptl
Sirendipity 00:04:30 up 24 days, 7:45, load average: 0.03, 0.03, 0.04 
                   [ Γνωθι σ'αυτον - gnothi seauton ]
             my life is a planetarium - and you are the stars
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20040413/689fdd08/attachment-0001.sig>

More information about the fedora-list mailing list