[Mailman-Users] Re: Sobig forces unsubscribes

Will Yardley william+mm at hq.newdream.net
Fri Sep 5 03:03:46 CEST 2003


On Wed, Sep 03, 2003 at 09:01:18PM -0700, John W. Baxter wrote:
> On 9/2/2003 16:34, "Will Yardley" <william+mm at hq.newdream.net> wrote:
 
> > However, I think it's a good overall policy to reject any message
> > that's not delivered - with any sort of filter based on content,
> > you're running a risk of rejecting legitimate messages, so it's
> > important that the sender realize the message wasn't delivered.
 
> It's arguably a decent overall policy, but it fails in the case of Sobig-F
> which ordinarily forges the sender.  Bouncing Sobig amounts to an attack on
> an innocent party...particularly if more than a smallish part of the
> incoming message is included.

As someone else pointed out (and as I pointed out), when a message is
rejected during the SMTP transaction, it's the job of the sending
machine to return the message to its sender. Sobig (and most spamware)
sends direct to MX from the infected machine, and doesn't send a bounce
when it receives a 55x response; the message is simply rejected and no
harm is done.

The problem is when the message is NOT initially rejected, and is then
bounced back to the sender. Even worse are those misconfigured virus
scanners which send notifications to the apparent "sender".

-- 
"Since when is skepticism un-American?
Dissent's not treason but they talk like it's the same..."
(Sleater-Kinney - "Combat Rock")
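
The distinction drawn in this message, as an added example that is not part of the original post: a small Python model of who ends up receiving a bounce when the receiving MX rejects during the SMTP transaction versus accepting and bouncing later. All names, addresses and the `infected` flag are constructed for illustration; 554 stands in for the "55x" response mentioned above.

```python
from dataclasses import dataclass

@dataclass
class Message:
    envelope_from: str   # MAIL FROM as presented; forged by the worm
    rcpt_to: str
    infected: bool       # constructed stand-in for a content filter verdict

class Receiver:
    """Receiving MX. policy 'reject' answers 5xx at end of DATA;
    policy 'bounce' answers 250 and generates a bounce afterwards."""
    def __init__(self, policy):
        self.policy = policy
        self.dsn_sent_to = []            # addresses this server bounced to

    def end_of_data(self, msg):
        if not msg.infected:
            return 250
        if self.policy == "reject":
            return 554                   # sending side keeps responsibility
        # Accepted: the receiver now owns the message, so its bounce goes
        # to the envelope sender, which may be forged.
        self.dsn_sent_to.append(msg.envelope_from)
        return 250

def worm_client(receiver, msg):
    """Direct-to-MX sender: ignores the reply code, never sends a bounce."""
    receiver.end_of_data(msg)
    return []

def relay_mta(receiver, msg):
    """A real MTA relaying for its user: on 5xx it notifies that user."""
    code = receiver.end_of_data(msg)
    return [msg.envelope_from] if 500 <= code < 600 else []

def backscatter(policy, client, msg):
    """Every address that receives a bounce for msg, from either side."""
    rx = Receiver(policy)
    return client(rx, msg) + rx.dsn_sent_to

# Constructed sample messages.
WORM = Message("victim@example.org", "list@example.net", infected=True)
FALSE_POSITIVE = Message("alice@example.com", "list@example.net", infected=True)

if __name__ == "__main__":
    for policy in ("reject", "bounce"):
        print(policy, "worm ->", backscatter(policy, worm_client, WORM))
        print(policy, "relay ->", backscatter(policy, relay_mta, FALSE_POSITIVE))
```

With `reject`, the forged address receives nothing, while a legitimate sender hit by a false positive is still told by their own MTA; with `bounce`, the forged address receives the bounce.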





