viruses that spoof the sender address
the register hints at the chaos caused by auto-responding to viruses that spoof the sender, and jupitermedia got hit especially hard because it also uses admin@internet.com.
sobig's built-in smtp server appears to get tripped up by the check_earlytalker plugin for qpsmtpd.
to deal with some of the worm-induced bounces hitting lists.mysql.com, i implemented a simple check_badbounceto plugin to identify addresses that should not receive bounces because they don't send mail. it seems to have been fairly effective.
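An added sketch of that kind of check, not the check_badbounceto plugin itself and not qpsmtpd code: it assumes a bounce is recognised by the null reverse-path (`MAIL FROM:<>`, RFC 5321) and that the non-sending addresses are kept in a list. The addresses, function names and reply text are constructed for illustration.

```python
import re

# Constructed sample: addresses that receive mail but never send it,
# so no genuine bounce can ever be addressed to them.
NO_BOUNCE_RCPTS = {"announce@lists.example.org", "digest@lists.example.org"}

_PATH = re.compile(r"^(?:MAIL FROM|RCPT TO):\s*<([^>]*)>", re.IGNORECASE)

def parse_path(line):
    """Return the address inside <...> of a MAIL FROM / RCPT TO line, else None."""
    m = _PATH.match(line.strip())
    return m.group(1) if m else None

def is_bounce(sender):
    """A null reverse-path marks a delivery status notification."""
    return sender == ""

def check_rcpt(sender, rcpt, no_bounce=NO_BOUNCE_RCPTS):
    """Decide at RCPT time, before DATA, so the attachment is never transferred."""
    # Assumption: the whole address is compared case-insensitively.
    if is_bounce(sender) and rcpt.strip().lower() in no_bounce:
        return 550, "this address does not send mail and accepts no bounces"
    return 250, "ok"

def run_session(lines):
    """Walk envelope commands; return (recipient, reply code) per RCPT TO."""
    sender, verdicts = None, []
    for line in lines:
        verb = line.strip().upper()
        if verb.startswith("MAIL FROM:"):
            sender = parse_path(line)
        elif verb.startswith("RSET"):
            sender = None
        elif verb.startswith("RCPT TO:") and sender is not None:
            rcpt = parse_path(line)
            if rcpt is not None:
                verdicts.append((rcpt, check_rcpt(sender, rcpt)[0]))
    return verdicts

# Constructed envelopes: a worm-induced bounce and an ordinary list post.
BOUNCE = ["MAIL FROM:<> SIZE=104857", "RCPT TO:<Announce@Lists.Example.org>",
          "RCPT TO:<human@example.org>"]
NORMAL = ["MAIL FROM:<user@example.net>", "RCPT TO:<announce@lists.example.org>"]

if __name__ == "__main__":
    for name, session in (("bounce", BOUNCE), ("normal", NORMAL)):
        print(name, run_session(session))
```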
Has anyone considered the following scenario?
Virus spoofs address A and sends itself to address B
Server 1 receives the mail destined for address B, recognises the virus payload and bounces it back to address A with the original message attached (including all attachments)
Server 2 receives the mail destined for address A, recognises the virus payload and bounces it back to address A with the original message attached (including all attachments)
Game set and match! I wonder how many games of virtual table-tennis are already being played like this?
Yes, I'm aware that the server SHOULD recognise that the sender is another server and not bounce, but that requires human-written rules: another such rule would be "if the attachment is a virus, discard it, you don't need to send 100kb back"
Just my 2 cents worth!