[25438] in bugtraq
Re: Unfortunate interaction between EZMLM and MessageLabs
daemon@ATHENA.MIT.EDU (der Mouse)
Sat May 11 19:21:08 2002
Date: Fri, 10 May 2002 23:23:45 -0400 (EDT)
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
Message-Id: <200205110323.XAA16302@Sparkle.Rodents.Montreal.QC.CA>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
To: BUGTRAQ@securityfocus.com
In-Reply-To: <4.3.2.7.2.20020509072420.01c9c458@208.55.91.110>
>> The widely used mailing list manager, EZMLM
>> (http://cr.yp.to/ezmlm.html), when sending mails for moderation,
>> sets a reply-to address which, if responded to, will cause the mail
>> to be accepted for distribution.
>> MessageLabs (http://www.messagelabs.com/) offer an email virus
>> scanning service which, unfortunately, sends virus alerts to,
>> amongst others, the reply-to address.
> This is definitely a very troubling interaction between two programs.
> Without further information, of course, it's difficult to state where
> the problem needs to be fixed.
IMO it's in MessageLabs. I am on a number of mailing lists that
regularly get hit with "we found a virus in a message from you" alert
messages, far more than there actually are infected messages coming
through the list. I can only infer that someone is sending the viri
with the list address forged into one of the from-type fields. I'm
sorely tempted to make my incoming email filters recognize the "alert"
annoygrams and autocomplain about them.
If a message must be auto-generated (which I'm far from convinced of),
IMO the only acceptable place to send it is the envelope-from.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse@rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
