Bounced emails are not scanned for viruses.
Magda Hewryk
mhewryk at SYMCOR.COM
Wed Mar 17 18:59:21 GMT 2004
Hi,
For some reason all Delivery Failure Reports sent from the Lotus Notes-Mail
Router account have a infected message. Basically the messages is not
disinfected.
Our mail gateway machines scan correctly all emails but the one sent to the
unknown user are bounced back not scanned. Because the sender's address is
spoofed the infected bounced emails are timed out and are sent to the
postmaster. The Postmaster is aliased to real Lotus Notes addresses and in
the result Notes mail accounts got infected.
1. Email is received on the mail gateway
2. Email is detected as not valid <Unknown user> and is not disinfected by
MailScanner.
3. The Mail Gateway is trying to send it back to the original sender -
without disinfection first.
4. Email is bounced back and timed out because cannot reach the spoof
address of the sender
4. The bounced mail is sent to the Postmaster on the Mail Gateway
5. The postmaster is re-directed to the Lotus Notes Account and the
disinfected email ends up in mail boxes as a Delivery Failure Report.
The bottom line:
Mailscanner on our Mail Servers is not scanning emails which are sent to
<Unknown User>.
More information about the MailScanner
mailing list