Re: [suse-security] Fwd: Undelivered Mail Returned to Sender
On Saturday 05 June 2004 21:31, Marc Samendinger wrote:
I still say it's a legit bounce.
It would have been a legit bounce if it was sent from my box. See the following lines from the first message in this thread (go back to this message to see all headers):

Received: from suse.de (pD951F606.dip.t-dialin.net [217.81.246.6])
    by Cantor.suse.de (Postfix) with ESMTP id 4B95668F3BE
    for <25866@suse.de>; Fri, 4 Jun 2004 10:13:32 +0200 (CEST)
From: suse-security@de-korte.org

As I have already indicated countless times before and which is shown again here, the message was not sent from this annoying t-dialin.net customer. The real sender was a 't-dialin.net' customer who spoofed the sender address 'suse-security@de-korte.org'. You totally missed my point that bouncing messages based on virus/spam content is wrong for the above-mentioned reason (you'd be creating a new spam problem in the process).
I'm awaiting your answer and wonder if you will prove me wrong.
As I was on holiday, the reply was late. Yet, if you still don't get it, I'm wasting my time anyway.

Regards, Arjen
On Sun, 2004-06-13 at 09:16, Arjen de Korte wrote:
On Saturday 05 June 2004 21:31, Marc Samendinger wrote:
I still say it's a legit bounce.
It would have been a legit bounce if it was sent from my box. See the following lines from the first message in this thread (go back to this message to see all headers):

Received: from suse.de (pD951F606.dip.t-dialin.net [217.81.246.6])
    by Cantor.suse.de (Postfix) with ESMTP id 4B95668F3BE
    for <25866@suse.de>; Fri, 4 Jun 2004 10:13:32 +0200 (CEST)
From: suse-security@de-korte.org

As I have already indicated countless times before and which is shown again here, the message was not sent from this annoying t-dialin.net customer. The real sender was a 't-dialin.net' customer who spoofed the sender address 'suse-security@de-korte.org'. You totally missed my point that bouncing messages based on virus/spam content is wrong for the above-mentioned reason (you'd be creating a new spam problem in the process).
The problem here is not that the bounce was generated; it is that Cantor.suse.de accepted the message in the first place. As was stated in an earlier message, "25866@suse.de" is an invalid address and that is where the virus _warning_ was sent. What should have happened is that Cantor.suse.com should have "550 User unknown"'d the message when it was posted by the t-dialin.net host and that should have been the end of it. The message should never have been scanned in the first place.
The Sunday 2004-06-13 at 18:16 +0200, Arjen de Korte wrote:
As I have already indicated countless times before and which is shown again here, the message was not sent from this annoying t-dialin.net customer. The real sender was a 't-dialin.net' customer who spoofed the sender address 'suse-security@de-korte.org'. You totally missed my point that bouncing messages based on virus/spam content is wrong for the above-mentioned reason (you'd be creating a new spam problem in the process).
I think that is what the postfix documentation calls "backscatter":

|What is backscatter mail?
|
|When a spammer or worm sends mail with forged sender addresses, innocent
|sites are flooded with undeliverable mail notifications. This is called
|backscatter mail, and if your system is flooded then you will find out
|soon enough.

--
Cheers, Carlos Robinson

*** I will go down w/ this ship and I won't put my hands up and surrender. There will be no white flag above my door ***

|When a spammer or worm sends mail with forged sender addresses, innocent
|sites are flooded with undeliverable mail notifications. This is called
|backscatter mail, and if your system is flooded then you will find out
|soon enough.

mine was w/ this "benny" guy messages, but they all went to a spam dump, which does go to /dev/nul at the end of the day... (just in case it screws up and puts my kid's emails in too...)

-- j -- nemo me impune lacessit it's just an afterthought; okay ? : I'm a internaut and I'm OK. I surf all night and I sleep all day.
The Monday 2004-06-14 at 19:39 +0200, I wrote:
I think that is what the postfix documentation calls "backscatter":

Another kind - at least not dangerous:

|From: Michael Weber
|To: robin1.listas
|Subject: Re: [suse-security] Fwd: Undelivered Mail Returned to Sender
|
|I will be out of the office until Thursday, June 17. If you need
|assistance before that time, please send your question to the help desk.
|
|Thank you.

Ugh... :-(

--
Cheers, Carlos Robinson
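
The two behaviours debated in this thread (refusing with "550 User unknown" during the SMTP session versus accepting the mail and sending a notice afterwards, which the Postfix documentation quoted above calls backscatter), as an added example that is not part of any message in the thread. The policy names, the `receive` function and all addresses are constructed for illustration and do not model any real MTA's API.

```python
# Added illustration (not from the thread): shows who ends up receiving the
# failure notice under each policy. Names and addresses are constructed.
from dataclasses import dataclass, field

VALID_RCPTS = {"postmaster@example.org", "list@example.org"}  # constructed

@dataclass
class Outcome:
    smtp_reply: str                              # seen only by the connecting host
    notices: list = field(default_factory=list)  # mail the MTA itself generates

def receive(policy, mail_from, rcpt_to, infected=False):
    """policy is 'reject_in_session' or 'accept_then_bounce' (hypothetical names)."""
    unknown = rcpt_to not in VALID_RCPTS
    if policy == "reject_in_session":
        if unknown:
            # Refused at RCPT TO: the body is never transferred or scanned.
            return Outcome("550 User unknown")
        if infected:
            # Refused after DATA: the error stays inside this SMTP session.
            return Outcome("554 Message rejected: virus found")
        return Outcome("250 OK")
    # accept_then_bounce: the MTA accepts responsibility, then mails the
    # envelope sender, an address the submitting host can forge freely.
    out = Outcome("250 OK")
    if unknown:
        out.notices.append((mail_from, "Undelivered Mail Returned to Sender"))
    elif infected:
        out.notices.append((mail_from, "Virus warning"))
    return out

def backscatter_targets(policy, transactions):
    """Addresses that receive MTA-generated notices for a batch of mail."""
    targets = []
    for mail_from, rcpt_to, infected in transactions:
        result = receive(policy, mail_from, rcpt_to, infected)
        targets += [to for to, _ in result.notices]
    return targets

# Constructed batch: one infected host forging third-party sender addresses.
BATCH = [
    ("victim-a@example.net", "12345@example.org", True),   # unknown recipient
    ("victim-b@example.com", "list@example.org", True),    # valid rcpt, infected
    ("victim-a@example.net", "postmaster@example.org", False),
]

if __name__ == "__main__":
    for policy in ("reject_in_session", "accept_then_bounce"):
        print(policy, "->", backscatter_targets(policy, BATCH))
```

With in-session rejection the forged addresses receive nothing; with accept-then-bounce every failed delivery turns into mail to a third party who never sent the original.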
participants (4)
- Arjen de Korte
- Carlos E. R.
- jfweber@bellsouth.net
- Tony Fraser