Sender warnings going to recipients!

Nick Phillips nwp at LEMON-COMPUTING.COM
Wed Dec 5 14:11:16 GMT 2001

On Wed, Dec 05, 2001 at 12:16:10PM -0000, Quentin Campbell wrote:
> We have ben running 2.60-2 since it was released. The platforms are
> Solaris 2.7 running sendmail 8.10.1.
> We have started to receive complaints (and evidence) that _recipients_
> of infected messages are sometimes getting the "sender" warning message.
> That is, the "To:" address _in_ the warning message (a local recipient)
> also becomes the "To:" address _for_ the warning message itself. The
> latter should be the address of the sender. Any ideas? An example
> follows with the original message at the end:

We've seen things that initially appeared to be incorrect, but
actually turned out to be correct, caused by Badtrans.

What we've seen is that the postmaster appears to receive the recipient
message, but that's actually caused by the virus replying to the sender
warning with another copy of itself.


Are you *sure* (like really really really sure) that the recipients of the
infected messages are not in fact infected and therefore also senders?



Nick Phillips -- nwp at
Increased knowledge will help you now.  Have mate's phone bugged.

More information about the MailScanner mailing list