Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

Journal of ask (83)

Saturday August 23, 2003
11:58 AM

Stop Bouncing Email Viruses

[ #14280 ]

As Jim said: having a mail server that sends bounce messages in response to viruses that are known to forge the message sender is a very, very bad thing..

And as Schwern said:

A short plea to mail admins worldwide.

My email address is plastered all over the Internet. Every time a new virus comes out I get plastered by hundreds of messages. NOT viruses, because my spam filter nails them easy, but messages informing me I sent them a virus! Those are nearly impossible to filter without throwing out all legit bounce messages, too.

I know you're trying to be helpful, but you're sending email to the wrong person: ME. I did not send you that virus. I know better than to run Windows on an open network. Any virus worth its bits fakes the From line these days. I'm a "public figure" on the Internet. My address is plastered all over the place. The virus just grabbed it from somebody's address book or web cache.

So from myself and lots of other people who have very visible email addresses: STOP BOUNCING VIRUSES! They're not getting back to the source. You're just adding to the problem.

Thank you.

I didn't get a single Sobig.F virus in my inbox. But boy did I get a lot of the "you've sent a virus to" crap, those are sent by real systems sadly.

No, I don't run any virus scanners, but as Jim pointed out then it got blocked by the "check_earlytalker" plugin in qpsmtpd. The Sobig.F smtp implementation starts talking before the smtp server says hello. A lot of spammers does the same, the idea being that they can get their junk out a little faster. No real mail system does that; as they generally are written by people who at least glanced over the RFC. (Even if you use the common pipelining ESMTP extension then you can't start pipelining until you have negotiated that).

The really cool thing about qpsmtpd is that it's so easy to try out things like "check_earlytalker" (contributed by Devin Carraway). A dozen lines of Perl is all you need to extend or tweak the core functionality. Almost everything but the core SMTP engine is in little neat plugins like that.

# | Comments