Date: Wed, 14 Mar 2001 11:31:05 -0500 (EST)
From: Jim Durham <durham@w2xo.pgh.pa.us>
To: "Bruce M. Walker" <bmw@borderware.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Sophos and Virus return mail
Message-ID: <Pine.BSF.4.21.0103141119450.1452-100000@shazam.int>
In-Reply-To: <200103141308.f2ED84E11909@fusion.borderware.com>

On Wed, 14 Mar 2001, Bruce M. Walker wrote:

> Jim Durham wrote:
> >
> > I thought of rewriting the script to use the "From: " address
> > to reply. I think that would usually work, but I'm not sure
> > that address always appears either.
>
> Unhappily not:
>
>   From: Hahaha <hahaha@sexyfun.net>
>
> You can see the IP of the host that sent it to you in the Received:
> headers if you inspect them, but that will be simply the Windows
> PC that itself has been infected. Snowhite contains a complete
> SMTP send-only implementation and it delivers to its targets directly.
>
> I'm afraid you're stuck with these things.
>
> (This is one case where blocking of port 25 by ISPs is a good thing.)
>
> -bmw

Yes, SnowWhite is probably a bad example, as, like you say, it
doesn't generate a replyable "From:" address.

I didn't ask my question correctly. Some viruses generate no
envelope "from" but *do* generate a "From: ". I was thinking
about the ramifications of changing the script to use the
"From: " if the envelope is not there.

SO...

    if (from)...
        reply to from
    else if (From: )
        reply to From:
    else
        reply to MAILER-DAEMON (sigh...)

Another thing that might be done is ... and I've done this by hand
a couple times, which gets old... dig out the
"ppp-4027dialup@bigisp.net" and the time from the headers and
generate a reply to: "abuse@bigisp.net". Giving the time of the
abuse and the dialup. Maybe if we started using

Sadly, I don't think ISPs pay much attention to "abuse" e-mail,
though. (Another sigh). I've never gotten a response to an abuse
report.

This "Virus in your mail to:" stuff gets old..

Yes, I knew what you meant about port 25.. no need to explain.
Brains are much faster than fingers..

Jim Durham

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0103141119450.1452-100000>
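
The fallback order described in the message above (envelope sender, then the "From: " header, then MAILER-DAEMON) together with the abuse-report lookup from the Received: headers, as an added example that is not part of the original message or of the script it discusses. The function names, the sendmail-style Received: layout, the two-label ISP domain rule and the sample hosts are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FALLBACK = "MAILER-DAEMON"  # last resort named in the message above
# Assumed sendmail-style layout: from <helo> (<reverse-dns> [<ip>])
RECEIVED = re.compile(r"from\s+\S+\s+\((\S+)\s+\[[^\]]+\]\)")

# Constructed sample message; hosts and addresses are made up.
SAMPLE = (
    "Received: from hahaha (ppp-4027.dialup.bigisp.example [192.0.2.10])\n"
    "\tby mail.example.org; Wed, 14 Mar 2001 10:02:11 -0500\n"
    "From: Hahaha <hahaha@sexyfun.example>\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def usable(addr):
    """Return the bare address if it looks replyable, else an empty string."""
    addr = parseaddr(addr or "")[1]          # "<>" and None both give ""
    local, _, domain = addr.rpartition("@")
    return addr if local and "." in domain else ""

def pick_reply_address(envelope_from, raw_message):
    """Apply the order: envelope sender, then From: header, then fallback."""
    addr = usable(envelope_from)
    if addr:
        return addr, "envelope"
    addr = usable(message_from_string(raw_message).get("From"))
    if addr:
        return addr, "header"
    return FALLBACK, "fallback"

def abuse_report_target(raw_message):
    """Read the topmost Received: line (written by our own MTA) and return
    (abuse address, connecting host, timestamp), or None if it does not parse."""
    received = message_from_string(raw_message).get("Received", "")
    match = RECEIVED.search(received)
    if not match or ";" not in received:
        return None
    host = match.group(1).lower()
    domain = ".".join(host.split(".")[-2:])  # assumption: two-label ISP domain
    when = received.rsplit(";", 1)[1].strip()
    return "abuse@" + domain, host, when

if __name__ == "__main__":
    print(pick_reply_address("<>", SAMPLE))
    print(abuse_report_target(SAMPLE))
```

The second element of the `pick_reply_address` result records which source was used, so a script can log or rate-limit replies that relied on the header rather than the envelope.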