| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040203225912.GA3188@paradise.net.nz> Date: Wed, 4 Feb 2004 11:59:12 +1300 From: Volker Kuhlmann <list0570@...adise.net.nz> To: bugtraq@...urityfocus.com Cc: Dave Clendenan <dave@...e.clendenan.ca>, John Fitzgibbon <fitz@...tz.com> Subject: Re: RFC: virus handling > > A bounce should *always* include a MIME attachment of type > > message/rfc822-headers which contains the full headers from the original > > mail. This makes it relatively easy to check on the receiving side if the > > original "Received: from" headers are valid, and simply drop bounces that > > relate to messages that were originally sent with forged headers. > Outstanding idea. If you (or anyone else on the list) already have a > tested procmail recipe for this, please share. If not, let's make one > and share it around... Done that: http://volker.dnsalias.net/soft/procmail/virusnotification.rc As a quick guess, the received: recipe catches 1/2 - 2/3 of all responses from those idiots, though I'm not recording exactly which recipe triggers because I don't care which rubbish it is. Anything can be improved, of course. Volker -- Volker Kuhlmann is possibly list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me.
Powered by blists - more mailing lists