Sender warnings going to recipients!

Quentin Campbell Q.G.Campbell at NEWCASTLE.AC.UK
Wed Dec 5 15:52:12 GMT 2001

> -----Original Message-----
> From: Nick Phillips [mailto:nwp at] 
> Sent: 05 December 2001 14:11
> Subject: Re: Sender warnings going to recipients!
> On Wed, Dec 05, 2001 at 12:16:10PM -0000, Quentin Campbell wrote:
> > We have ben running 2.60-2 since it was released. The platforms are 
> > Solaris 2.7 running sendmail 8.10.1.
> >
> > We have started to receive complaints (and evidence) that 
> _recipients_ 
> > of infected messages are sometimes getting the "sender" warning 
> > message. That is, the "To:" address _in_ the warning 
> message (a local 
> > recipient) also becomes the "To:" address _for_ the warning message 
> > itself. The latter should be the address of the sender. Any 
> ideas? An 
> > example follows with the original message at the end:
> We've seen things that initially appeared to be incorrect, 
> but actually turned out to be correct, caused by Badtrans.
> What we've seen is that the postmaster appears to receive the 
> recipient message, but that's actually caused by the virus 
> replying to the sender warning with another copy of itself.
> Nice.

** We are seeing an increasing amount of this as well. The message are
** characterised by being in HTML with the string "Warning" in big,
** bold, red letters. 

> Are you *sure* (like really really really sure) that the 
> recipients of the infected messages are not in fact infected 
> and therefore also senders?

Yes, we are _sure_ that the recipients are not infected. They use Unix


More information about the MailScanner mailing list