[33396] in bugtraq
Re: RFC: virus handling
daemon@ATHENA.MIT.EDU (Dave Clendenan)
Wed Feb 4 05:25:37 2004
Date: Tue, 3 Feb 2004 09:09:05 -0800
From: Dave Clendenan <dave@dave.clendenan.ca>
To: John Fitzgibbon <fitz@jfitz.com>
Cc: bugtraq@securityfocus.com
Message-ID: <20040203170905.GA1695@dave.clendenan.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200401281400.03753.fitz@jfitz.com>
On Wed, Jan 28, 2004 at 02:00:03PM -0800, John Fitzgibbon wrote:
> There is one standardized feature for virus and other bounce messages (which
> isn't mentioned in the original proposal), which I believe would really help:
>
> A bounce should *always* include a MIME attachment of type
> message/rfc822-headers which contains the full headers from the original
> mail. This makes it relatively easy to check on the receiving side if the
> original "Received: from" headers are valid, and simply drop bounces that
> relate to messages that were originally sent with forged headers.
>
Outstanding idea. If you (or anyone else on the list) already have a
tested procmail recipe for this, please share. If not, let's make one
and share it around...
thanks
--
Dave Clendenan
dave@clendenan.ca
PGP fingerprint: 910E 8400 7A16 822C 9B62 209F 6CAB DEDF BF4B DF75
Subtlety is the art of saying what you think,
and getting out of the way before it is understood
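
Added example, not part of the original message and not code from either poster: a Python filter (not a procmail recipe) for the check proposed in the quoted text. It pulls the message/rfc822-headers part out of a bounce and keeps the bounce only if the original mail's Received headers show one of our own relays. The relay names in OUR_RELAYS, the "by <our relay>" matching rule, and the sample bounces are all assumptions constructed for illustration.

```python
import email
import re
from email import policy

# Assumption: hosts that relay our outbound mail (hypothetical names).
OUR_RELAYS = {"mail.example.org", "smtp.example.org"}
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)

def original_headers(bounce):
    """Return the headers carried in a message/rfc822-headers part, or None."""
    for part in bounce.walk():
        if part.get_content_type() != "message/rfc822-headers":
            continue
        payload = part.get_payload()
        # The stdlib parser treats message/* as a nested message; also
        # accept a plain string payload in case it was left unparsed.
        if isinstance(payload, list):
            return payload[0] if payload else None
        return email.message_from_string(payload, policy=policy.default)
    return None

def classify_bounce(raw):
    """Return 'keep', 'drop' or 'no-headers' for one raw bounce message."""
    bounce = email.message_from_string(raw, policy=policy.default)
    orig = original_headers(bounce)
    if orig is None:
        return "no-headers"   # nothing to verify; leave to other filters
    for received in orig.get_all("Received", []):
        line = " ".join(str(received).split())   # unfold continuation lines
        if any(h.lower().rstrip(".") in OUR_RELAYS for h in BY_HOST.findall(line)):
            return "keep"     # the original passed through one of our relays
    return "drop"             # the original never touched our relays

def sample_bounce(received):
    """Constructed multipart/report bounce; original mail has one Received line."""
    return (
        "From: MAILER-DAEMON@mx.remote.example\n"
        "To: user@example.org\n"
        "Subject: Virus found in your message\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nYour message was rejected.\n"
        "--b1\nContent-Type: message/rfc822-headers\n\n"
        f"Received: {received}\n"
        "From: user@example.org\nSubject: hi\n\n--b1--\n"
    )
```

The match relies on the text of the returned Received lines, so comparing the relay's queue id in that line against the relay's own logs gives a stronger check than the hostname alone.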