viruses that spoof the sender address
the register hints at the chaos caused by auto-responding to viruses that spoof the sender, and jupitermedia got hit especially hard because it also uses admin@internet.com.
sobig's built-in smtp server appears to get tripped up by the check_earlytalker plugin for qpsmtpd.
to deal with some of the worm-induced bounces hitting lists.mysql.com, i implemented a simple check_badbounceto plugin to identify addresses that should not receive bounces because they don't send mail. it seems to have been fairly effective.
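The decision such a check makes, as an added Python sketch (not the check_badbounceto plugin's code, which is not shown on this page): a message with the null reverse-path `MAIL FROM:<>` is a bounce, and a bounce addressed to a mailbox that never sends mail cannot be legitimate. The address list, function names and session lines are constructed for illustration, and addresses are compared case-insensitively as an assumption.

```python
import re

# Constructed list of receive-only addresses (announce lists, role accounts).
# They never send mail, so no genuine bounce can ever be addressed to them.
NEVER_SENDS = {"announce@lists.example.com", "noreply@example.com"}

_PATH = re.compile(r"^(?:MAIL FROM|RCPT TO):\s*<([^>]*)>", re.IGNORECASE)

def parse_path(command):
    """Return the lowercased address inside <...> of MAIL FROM / RCPT TO."""
    m = _PATH.match(command.strip())
    if m is None:
        raise ValueError("not a MAIL FROM / RCPT TO command: %r" % command)
    return m.group(1).lower()

def check_rcpt(mail_from_cmd, rcpt_to_cmd, never_sends=NEVER_SENDS):
    """Return the (code, text) reply for one RCPT TO in this transaction."""
    sender = parse_path(mail_from_cmd)
    rcpt = parse_path(rcpt_to_cmd)
    is_bounce = sender == ""  # null reverse-path marks a bounce (RFC 5321)
    if is_bounce and rcpt in never_sends:
        return 550, "%s does not send mail and does not accept bounces" % rcpt
    return 250, "ok"

def run_session(commands, never_sends=NEVER_SENDS):
    """Replay envelope commands and return [(recipient, reply code), ...]."""
    results, sender_cmd = [], None
    for cmd in commands:
        verb = cmd.strip().upper()
        if verb.startswith("MAIL FROM:"):
            sender_cmd = cmd
        elif verb.startswith("RCPT TO:") and sender_cmd is not None:
            code, _ = check_rcpt(sender_cmd, cmd, never_sends)
            results.append((parse_path(cmd), code))
        elif verb.startswith("RSET"):
            sender_cmd = None  # transaction reset, sender no longer valid
    return results

# Constructed envelope: one worm-induced bounce, then one ordinary message.
SAMPLE = [
    "MAIL FROM:<>",
    "RCPT TO:<Announce@lists.example.com>",
    "RCPT TO:<dev@example.com>",
    "RSET",
    "MAIL FROM:<alice@example.net> SIZE=2048",
    "RCPT TO:<announce@lists.example.com>",
]

if __name__ == "__main__":
    for rcpt, code in run_session(SAMPLE):
        print(code, rcpt)
```

Rejecting at RCPT time keeps the bounce out before its body, with the worm's attachment, is transferred.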
Comments
Has anyone considered the following scenario? Virus spoofs address A and sends itself to address B. Server 1 receives the mail destined for address B, recognises the virus payload and bounces it back to address A with the original message attached (including all attachments). Server 2 receives the mail destined for address A, recognises the virus payload and bounces it back to address A with the original message attached (including all attachments).
Game set and match! I wonder how many games of virtual table-tennis are already being played like this?
Yes, I'm aware that the server SHOULD recognise that the sender is another server and not bounce, but that requires human-written rules: another such rule would be "if the attachment is a virus, discard it, you don't need to send 100kb back"
Just my 2 cents worth!
As Jim said: having a mail server that sends bounce messages in response to viruses that are known to forge the message sender is a very, very bad thing. And as Schwern said: A short plea to mail admins worldwide. STOP BOUNCING EMAIL VIRUSES! My email address is plastered all over the Internet. Every time a new virus comes out I get plastered by hundreds of messages. NOT viruses, because my spam filter nails them easy, but messages informing me