Sender warnings going to recipients!
Quentin Campbell
Q.G.Campbell at NEWCASTLE.AC.UK
Wed Dec 5 15:52:12 GMT 2001
> -----Original Message-----
> From: Nick Phillips [mailto:nwp at lemon-computing.com]
> Sent: 05 December 2001 14:11
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Sender warnings going to recipients!
>
>
> On Wed, Dec 05, 2001 at 12:16:10PM -0000, Quentin Campbell wrote:
> > We have ben running 2.60-2 since it was released. The platforms are
> > Solaris 2.7 running sendmail 8.10.1.
> >
> > We have started to receive complaints (and evidence) that
> _recipients_
> > of infected messages are sometimes getting the "sender" warning
> > message. That is, the "To:" address _in_ the warning
> message (a local
> > recipient) also becomes the "To:" address _for_ the warning message
> > itself. The latter should be the address of the sender. Any
> ideas? An
> > example follows with the original message at the end:
>
> We've seen things that initially appeared to be incorrect,
> but actually turned out to be correct, caused by Badtrans.
>
> What we've seen is that the postmaster appears to receive the
> recipient message, but that's actually caused by the virus
> replying to the sender warning with another copy of itself.
>
> Nice.
** We are seeing an increasing amount of this as well. The message are
** characterised by being in HTML with the string "Warning" in big,
** bold, red letters.
>
> Are you *sure* (like really really really sure) that the
> recipients of the infected messages are not in fact infected
> and therefore also senders?
Yes, we are _sure_ that the recipients are not infected. They use Unix
workstations!
Quentin
More information about the MailScanner
mailing list