[33417] in bugtraq
Re: RFC: virus handling
daemon@ATHENA.MIT.EDU (Volker Kuhlmann)
Wed Feb 4 12:13:13 2004
Date: Wed, 4 Feb 2004 11:59:12 +1300
From: Volker Kuhlmann <list0570@paradise.net.nz>
To: bugtraq@securityfocus.com
Cc: Dave Clendenan <dave@dave.clendenan.ca>, John Fitzgibbon <fitz@jfitz.com>
Message-ID: <20040203225912.GA3188@paradise.net.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040203170905.GA1695@dave.clendenan.ca>
> > A bounce should *always* include a MIME attachment of type
> > message/rfc822-headers which contains the full headers from the original
> > mail. This makes it relatively easy to check on the receiving side if the
> > original "Received: from" headers are valid, and simply drop bounces that
> > relate to messages that were originally sent with forged headers.
> Outstanding idea. If you (or anyone else on the list) already have a
> tested procmail recipe for this, please share. If not, let's make one
> and share it around...
Done that:
http://volker.dnsalias.net/soft/procmail/virusnotification.rc
As a quick guess, the received: recipe catches 1/2 - 2/3 of all
responses from those idiots, though I'm not recording exactly which
recipe triggers because I don't care which rubbish it is.
Anything can be improved, of course.
Volker
--
Volker Kuhlmann is possibly list0570 with the domain in header
http://volker.dnsalias.net/ Please do not CC list postings to me.
