Message-ID: <40436E04.9000706@mux.org.uk>
Date: Mon, 01 Mar 2004 17:08:20 +0000
From: Andrew Boothman
To: Dag-Erling Smørgrav
References: <20040301032856.GA10110@xor.obsecurity.org>
cc: hackers@freebsd.org
cc: Julian Elischer
cc: Kris Kennaway
Subject: Re: SPAM/virii apparently from freeBSD addresses.
List-Id: Technical Discussions relating to FreeBSD

Dag-Erling Smørgrav wrote:
>>>Somewhere out there there is a ?Virus?/?Hacker?/?Spammer?
>>>getting really annoying..
>>
>>Yeah, but what do you expect anyone to do about it?
>
>
> Swen and MyDoom are easy to detect and reject at the SMTP stage. The
> fact that our mail servers don't do this is a PITA, as it forces list
> subscribers to accept them as well (if you reject list mail because it
> contains a virus, Mailman disables your subscription).

You shouldn't reject email because it contains Swen or MyDoom anyway; all you'll do is generate a bounce message to someone who never sent you the infected mail in the first place - because the SMTP envelope addresses are forged. I believe the correct thing to do is to accept it and silently drop it.