[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Fwd: Undelivered Mail Returned to Sender



On Sun, 2004-06-13 at 09:16, Arjen de Korte wrote:
> On Saturday 05 June 2004 21:31, Marc Samendinger wrote:
>  
> > I still say its a legit bounce.
> 
> It would have been a legit bounce if it was send from my box. See the 
> following lines from the first message in this thread (go back to this 
> message to see all headers):
> 
> Received: from suse.de (pD951F606.dip.t-dialin.net [217.81.246.6])
>         by Cantor.suse.de (Postfix) with ESMTP id 4B95668F3BE
>         for <25866@xxxxxxx>; Fri,  4 Jun 2004 10:13:32 +0200 (CEST)
> From: suse-security@xxxxxxxxxxxx
> 
> As I have already indicated countless times before and which is shown again 
> here, the message was not sent from this annoying t-dialin.net customer. The 
> real sender was a 't-dialin.net' customer who spoofed the sender address 
> 'suse-security@xxxxxxxxxxxx'. You totally missed my point that bouncing 
> messages based on virus/spam content is wrong for the above mentioned reason 
> (you'd be creating a new spam problem in the process).

The problem here is not that the bounce was generated it is that
Cantor.suse.de accepted the message in the first place. As was stated in
an earlier message "25866@xxxxxxx" is an invalid address and that is
were the virus _warnning_ was sent.

What should have happened is that Cantor.suse.com should have "550 User
unknown"'d the message when it was posted by the t-dialin.net host and
that should have been the end of it. The message should never have been
scanned in the first place.



-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here