Bugtraq mailing list archives
Re: RFC: virus handling
From: Volker Kuhlmann <list0570 () paradise net nz>
Date: Wed, 4 Feb 2004 11:59:12 +1300
A bounce should *always* include a MIME attachment of type message/rfc822-headers which contains the full headers from the original mail. This makes it relatively easy to check on the receiving side if the original "Received: from" headers are valid, and simply drop bounces that relate to messages that were originally sent with forged headers.
Outstanding idea. If you (or anyone else on the list) already have a tested procmail recipe for this, please share. If not, let's make one and share it around...
Done that: http://volker.dnsalias.net/soft/procmail/virusnotification.rc As a quick guess, the received: recipe catches 1/2 - 2/3 of all responses from those idiots, though I'm not recording exactly which recipe triggers because I don't care which rubbish it is. Anything can be improved, of course. Volker -- Volker Kuhlmann is possibly list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me.
Current thread:
- Re: Hysterical first technical alert from US-CERT, (continued)
- Re: Hysterical first technical alert from US-CERT Andreas Marx (Feb 06)
- Re: RFC: virus handling Piotr KUCHARSKI (Feb 02)
- Re: RFC: virus handling Patrick Proniewski (Feb 02)
- Re: RFC: virus handling Matthew Dharm (Feb 03)
- Re: RFC: virus handling Ben Wheeler (Feb 04)
- Re: RFC: virus handling Shawn McMahon (Feb 07)
- Re: RFC: virus handling Matthew Dharm (Feb 03)
- Re: RFC: virus handling Craig Morrison (Feb 02)
- Re: RFC: virus handling James C. Slora Jr. (Feb 03)
- Re: RFC: virus handling John Fitzgibbon (Feb 02)
- Re: RFC: virus handling Dave Clendenan (Feb 03)
- Re: RFC: virus handling Volker Kuhlmann (Feb 04)
- Re: RFC: virus handling Dave Clendenan (Feb 03)
- Re: RFC: virus handling Daniele Orlandi (Feb 02)
- Re: RFC: virus handling Pavel Kankovsky (Feb 02)
- Re: RFC: virus handling Dave Aronson (Feb 02)
- RE: RFC: virus handling David Brodbeck (Feb 03)
- Re: RFC: virus handling Casper Dik (Feb 04)