Re: Linux virus or forged address?


 



Alexander Dalloz wrote:
On Mon, 12.04.2004 at 20:37, Jonathan Ryshpan wrote:


I recently received the following bounce message for a message I never
sent.  Is it possible that some component of my email system (fetchmail
+ sendmail + evolution) has been infected by a virus?  Or has someone
just forged my return address?

Thanks - Jonathan Ryshpan

-----Forwarded Message-----
From: MAILER-DAEMON@xxxxxxxxxxxxxxxx
To: jonrysh@xxxxxxxxxxx
Subject: failure notice
Date: Mon, 12 Apr 2004 16:04:23 +0000

Hi. This is the qmail-send program at admin.thenth.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<php@xxxxxxxxxxxxx>:
This address no longer accepts mail.


As others already replied it is caused by actual worms (running on
infected Windows[tm] machines) misusing your email address from the
address book.

And what you see too is the bad behaviour of qmail as MTA: it first
accepts the whole mail and later produces a bounce mail, hitting you
though you never sent the original mail.

Not necessarily. There are a lot of ISPs that detect the virus/worm and bounce the whole message. Incredibly stupid. However, your MTA should virus scan on the fly and drop the connection if one is found.

If there are any ISPs out there, please PLEASE change your policies!  If
you detect a virus and it's a Klez or Bagle variant, throw it away as
the sender address is bogus.  Don't clog up innocent people's mailboxes
with bounces since you know darned well the sender is invalid.  In fact,
if you see ANY virus or worm, just toss the message away.  You'll be
doing everyone a huge favor by helping to stop the stupid things, as
well as putting far less load on your own servers by getting rid of the
bounce overhead.

Someone has to help stop these things, as it seems that Microsoft and
that POS "Outlook" and its kin are the cause of 95% of these bloody
things and users don't seem to be willing to update their ancient,
buggy, security-hole-ridden Outlook/OE/Exchange clients.  As soon as we
detect an incoming virus, we drop the connection with a "522 Virus
Detected" message and throw the mail away.  Done.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens@xxxxxxxxxxxxxxx -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-     Veni, Vidi, VISA:  I came, I saw, I did a little shopping.     -
----------------------------------------------------------------------
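The difference between rejecting inside the SMTP session and accepting first, then bouncing, can be seen in a small receiver-side model. This is an added example, not code from anyone in the thread: the hostnames, addresses and the scanner signature are constructed, dot-stuffing is ignored, and only the "522 Virus Detected" reply text comes from the post above.

```python
# Added example: receiver-side SMTP dialogue that scans at end of DATA.
# The marker below is a constructed stand-in for a real virus scanner.
CONSTRUCTED_SIGNATURE = b"X-CONSTRUCTED-TEST-WORM"

def scan(message: bytes) -> bool:
    """Return True if the message matches the (constructed) signature."""
    return CONSTRUCTED_SIGNATURE in message

def smtp_session(client_lines, reject_in_session=True):
    """Feed client lines to a minimal receiver; return (replies, queued_bounces)."""
    replies, bounces = ["220 mx.example.test ESMTP"], []
    sender, rcpts, data, in_data = None, [], [], False
    for line in client_lines:
        if in_data:
            if line != b".":
                data.append(line)
                continue
            in_data = False
            infected = scan(b"\r\n".join(data))
            if infected and reject_in_session:
                # Refuse before taking responsibility: nothing is queued,
                # so no bounce can ever reach the (forged) envelope sender.
                replies.append("522 Virus Detected")
                break  # drop the connection
            replies.append("250 OK queued")
            if infected:
                # Accept-then-bounce: the notice goes to whoever MAIL FROM named.
                bounces.append(sender)
            sender, rcpts, data = None, [], []
        elif line.upper().startswith(b"MAIL FROM:"):
            sender = line[10:].strip(b" <>").decode()
            replies.append("250 OK")
        elif line.upper().startswith(b"RCPT TO:"):
            rcpts.append(line[8:].strip(b" <>").decode())
            replies.append("250 OK")
        elif line.upper() == b"DATA":
            in_data = True
            replies.append("354 End data with <CR><LF>.<CR><LF>")
        elif line.upper() == b"QUIT":
            replies.append("221 Bye")
            break
        else:
            replies.append("250 OK")  # HELO/EHLO and anything else
    return replies, bounces

# Constructed session: a worm submits mail with a forged envelope sender.
SESSION = [b"HELO infected-pc.example.test", b"MAIL FROM:<victim@example.test>",
           b"RCPT TO:<user@mx.example.test>", b"DATA", b"Subject: hi", b"",
           b"X-CONSTRUCTED-TEST-WORM", b".", b"QUIT"]
```

With `reject_in_session=True` the only party that learns of the refusal is the connecting client; with `False` the receiver queues a bounce addressed to the forged sender, which is the backscatter the original poster received.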


