Re: [suse-security] Fwd: Undelivered Mail Returned to Sender
-----Original Message----- From: Arjen de Korte [mailto:suse-security@de-korte.org] Sent: Friday, June 04, 2004 11:24 AM To: suse-security@suse.com
Please folks, this is exactly the reason why you should NOT send bounces in reply to virusses. I'm very disappointed that SuSE is still not aware of the implications of this annoying behaviour. To summarize, only send warnings to authenticated senders otherwise you might be sending it to a spoofed sender address.
Ehm, just for the records. The virus warning you got was not a reply to the sender telling the sender he is probably infected, but a mail to the recipient that someone sent an infected e-mail to him. Theres usually no problem in doing so because its a notice to your own users. The mail you got was just a legit "User Unknown" bounce. The problem is that scanhost.suse.de does not know which users are legit for suse.de. Or even better Cantor.suse.de shouldn't even accept the message. Hint: relay_recipient_maps Hint ;) marc
On Saturday 05 June 2004 11:28, Marc Samendinger wrote:
The virus warning you got was not a reply to the sender telling the sender he is probably infected, but a mail to the recipient that someone sent an infected e-mail to him.
Read the message again. It was send from 'MAILER-DAEMON@suse.de' to 'suse-security@de-korte.org'. The latter was the spoofed sender address, so it was indeed a reply to sender.
Theres usually no problem in doing so because its a notice to your own users.
Which is not the case here.
The mail you got was just a legit "User Unknown" bounce.
You are a perfect example of people falling in the trap I was warning for. Best reagards, Arjen
participants (2)
-
Arjen de Korte
-
Marc Samendinger