>Below are the headers of a message that got caught by the CR vulnerability
>test in Declude Virus.  I got an email from the
>[EMAIL PROTECTED] bitching me out because I was an idiot, as an
>admin I should know how to read headers, and that the headers clearly
>indicate that this email had nothing to do with @mypersonalemail.com, and
>that my bounce messages getting sent to him are just as bad as the spam they
>are generated from.  From what I can tell, he's really right (except about
>the idiot part.  :-)).

The remote postmaster bounce messages by default go to the postmaster at 
the domain that was used to send the message, which is often NOT shown in 
the headers.  That's the "return address"; the same address that bounce 
messages will go to.

>X-Intouch-Note: Sender:[[EMAIL PROTECTED]]

In this case, the spammer used an address at mypersonalemail.com for bounce 
messages to go to, so that is the address that Declude sent 
to.  Unfortunately, spammers often forge addresses that they use.  This can 
cause collateral damage to the postmasters at those domains (who people 
will send spam complaints to), as well as notifications such as these.

>How can we handle this?  We don't want to disable notifications altogether
>(and I think that's our only option in D.Virus, on or off).  Most (if not
>all) of the CR catches are SPAM.  Can notifications for ALL other tests that
>Declude Virus does be separated from the 'generic' virus notification, much
>like the bannotify.eml does?

That is something that we are planning to add.  In the meantime, it is 
possible to turn off the Outlook CR Vulnerability test (with a line 
"BANCRVIRUSES  OFF" in the virus.cfg file).
                         -Scott

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .
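
The distinction drawn in the reply above, between the envelope return address and the addresses visible in the headers, as an added Python example that is not part of the original message and not Declude's code. It assumes the receiving server recorded the envelope sender in a Return-Path header; the sample message and its domains are constructed.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: the visible headers name one domain, while the envelope
# sender (assumed to be recorded in Return-Path by the receiving server)
# names a different domain that the spammer forged.
SAMPLE = """\
Return-Path: <offers@forged-victim.example>
From: "Great Deals" <promo@bulk-sender.example>
Reply-To: promo@bulk-sender.example
To: user@recipient.example
Subject: constructed sample

body
"""


def domain_of(addr):
    """Return the lower-cased domain of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def notification_target(raw):
    """Report where a remote-postmaster notice would go for this message."""
    msg = message_from_string(raw)
    # The envelope sender is the address bounce messages are returned to.
    envelope = parseaddr(msg.get("Return-Path", ""))[1]
    env_domain = domain_of(envelope)
    # Addresses a person reading the headers would normally look at.
    shown = getaddresses(
        msg.get_all("From", []) + msg.get_all("Reply-To", []) + msg.get_all("Sender", [])
    )
    visible_domains = sorted({domain_of(a) for _, a in shown if a})
    return {
        "envelope_sender": envelope,
        # A null return path (<>) means there is nobody to notify.
        "postmaster": f"postmaster@{env_domain}" if env_domain else None,
        "visible_domains": visible_domains,
        # False here is the situation the remote postmaster complained about.
        "envelope_domain_visible": env_domain in visible_domains,
    }


if __name__ == "__main__":
    print(notification_target(SAMPLE))
```
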
