>The BADTRANS virus uses different "FROM:" data in the message envelope (from
>the SMTP conversation) vs. what's in the SMTP "From:" headers.  I've had
>several people who seemingly got mail from themselves (e.g., the FROM in the
>envelope was my customer, so was the TO.)   However, in EACH case, the SMTP
>"From:" header contained a different person's email address.

For the Badtrans.B that just came out, the ones we have seen all have a "_"
before the From: address (i.e., "From: <_username..." rather than "From:
<username...").  So the envelope MAIL FROM (the one Declude uses) will be
correct, the one from the E-mail headers will not.

>Furthermore, it was confusing, because the %ALLRECIPS% seems to show BOTH
>the original recipient AND the ultimate recipient - something that my
>clients do NOT wish to publish.

The %ALLRECIPS% option should show the recipients from the SMTP envelope 
(the actual addresses that were used to send the mail to).  If using the 
new "SWITCHRECIPS" option, this behavior could vary.

>Thus - I have the following suggestions:
>
>a) if SENDER and RECIPIENT are one and the same - don't send TWO
>notifications.  Suppress the SENDER notification.

That's something we will look into.

>b) ALLRECIPS should only show the ORIGINAL recipient

It should be working like that.

>c) There should be a way to show the ENVELOPE "from" and the HEADER "from" -
>and there should be a way to notify EITHER - IF they are different!

Declude doesn't ever look at the "From:" header in the E-mail.  The
envelope MAIL FROM is the address that "bounce" messages should be going
to.  The "From:" in the E-mail headers is less likely to be correct.  But,
this is something we will also look into.
                                        -Scott

This E-mail came from the Declude.Virus mailing list.
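
The comparison discussed in this thread, as an added example (not Declude's code and not part of the original messages): it compares the envelope MAIL FROM with the header "From:" and flags the leading "_" pattern described above for Badtrans.B. The function names, addresses and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: header From: carries a "_" before the envelope sender.
UNDERSCORE_SAMPLE = (
    "From: <_alice@example.com>\r\n"
    "To: <bob@example.com>\r\n"
    "Subject: Re:\r\n\r\nbody\r\n"
)
# Constructed sample: envelope sender equals recipient, header From: differs.
SELF_ADDRESSED_SAMPLE = (
    "From: Dave <dave@example.net>\r\n"
    "To: <carol@example.org>\r\n"
    "Subject: Re:\r\n\r\nbody\r\n"
)


def normalize(addr):
    """Reduce 'Name <User@Host>' or '<User@Host>' to 'user@host'."""
    return parseaddr(addr)[1].strip().lower()


def compare_senders(mail_from, rcpt_to, raw_message):
    """Classify envelope MAIL FROM against the header From: of one message."""
    envelope = normalize(mail_from)
    header = normalize(message_from_string(raw_message).get("From", ""))
    recipients = {normalize(r) for r in rcpt_to}

    if not header:
        verdict = "no-header-from"
    elif header == envelope:
        verdict = "match"
    elif header == "_" + envelope:
        # Pattern reported in the thread: "_" prepended to the real address.
        verdict = "underscore-prefix"
    else:
        verdict = "mismatch"
    return {
        "envelope_from": envelope,
        "header_from": header,
        "verdict": verdict,
        # True when the envelope sender is also an envelope recipient,
        # the case where sender and recipient notifications would duplicate.
        "self_addressed": envelope in recipients,
    }
```
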
