[clug] [AUSCERT ALERT - Email worm W32.Beagle.A/Win32.Bagle.A]
Alex Satrapa
grail at goldweb.com.au
Wed Jan 21 09:32:20 GMT 2004
On 20 Jan 2004, at 23:14, Paul Hampson wrote:
> To my mind, a better solution is employed by amavisd which has a list
> of
> viruses that fake FROM headers, and doesn't send back bounces to those,
> silently discarding them instead (or passing them on, depending on the
> setup of amavisd)
But as is being discussed on the Amavis-new mailing list, it's better
to have a list of viruses that *don't* fake FROM headers, since
otherwise you'll forever be playing catch-up.
And since on one side we have the "don't reject viruses because the
middleman MTA will bounce to the wrong address", and on the other side
we have the "don't bounce viruses because the sender is invalid", the
only option is to violate the RFC (which was poorly written in the
first place ;) and DISCARD MAIL! OMG the world's going to end!
It's time to write a new RFC. The old RFC dealt with "how to get mail
to where you want to send it". We need an RFC that deals with "how to
get electronic messages to places that you're allowed to send them" :)
"Everyone has 20/20 vision in hindsight" -- Old Proverb
More information about the linux
mailing list