Here is another interesting thought after reading Scott's reply: That postmaster that is receiving those messages should maybe follow up and complain to the originating ISP about that, not to you.

John Tolmachoff
IT Manager Network Engineer
211 E. Imperial Hwy., Suite 106
Fullerton, CA 92835
714-578-7999, ext. 104
[EMAIL PROTECTED]
www.reliancesoft.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Friday, March 08, 2002 8:11 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Identifying the right postmaster to send virus notifications to

>Below are the headers of a message that got caught by the CR vulnerability
>test in Declude Virus. I got an email from the
>[EMAIL PROTECTED] bitching me out because I was an idiot, as an
>admin I should know how to read headers, and that the headers clearly
>indicate that this email had nothing to do with @mypersonalemail.com, and
>that my bounce messages getting sent to him are just as bad as the spam they
>are generated from. From what I can tell, he's really right (except about
>the idiot part. :-)).

The remote postmaster bounce messages by default go to the postmaster at the domain that was used to send the message, which is often NOT shown in the headers. That's the "return address"; the same address that bounce messages will go to.

>X-Intouch-Note: Sender:[[EMAIL PROTECTED]]

In this case, the spammer used an address at mypersonalemail.com for bounce messages to go to, so that is the address that Declude sent to. Unfortunately, spammers often forge addresses that they use. This can cause collateral damage to the postmasters at those domains (who people will send spam complaints to), as well as notifications such as these.

>How can we handle this? We don't want to disable notifications altogether
>(and I think that's our only option in D.Virus, on or off). Most (if not
>all) of the CR catches are SPAM. Can notifications for ALL other tests that
>Declude Virus does be separated from the 'generic' virus notification, much
>like the bannotify.eml does?

That is something that we are planning to add.

In the meantime, it is possible to turn off the Outlook CR Vulnerability test (with a line "BANCRVIRUSES OFF" in the virus.cfg file).

-Scott

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
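
The return-address behaviour discussed in this thread, as an added example that is not part of the original messages and not Declude's own logic: a Python sketch that reads the envelope sender of a caught message and declines to notify it when nothing else in the message ties the mail to that domain. The sample message, the `.example` domains, the function names and the matching heuristic are all assumptions, as is the receiving server recording the envelope sender in a `Return-Path` header.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread). Assumes the receiving server
# wrote the envelope sender (SMTP MAIL FROM) into Return-Path.
SAMPLE = """\
Return-Path: <victim@mypersonalemail.example>
Received: from mail.bulk-sender.example (mail.bulk-sender.example [192.0.2.10])
\tby mx.receiver.example; Fri, 8 Mar 2002 07:55:00 -0800
From: "Special Offer" <promo@bulk-sender.example>
To: user@receiver.example
Subject: constructed test message

body
"""

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    _, at, dom = parseaddr(addr)[1].rpartition("@")
    return dom.lower() if at else ""

def notification_decision(raw):
    """Return (envelope_sender, notify, reason) for a caught message."""
    msg = message_from_string(raw)
    envelope = parseaddr(msg.get("Return-Path", ""))[1]
    env_dom = domain_of(envelope)
    if not env_dom:
        # Null sender <> or nothing recorded: never generate a notification.
        return envelope, False, "null or missing envelope sender"
    # Hypothetical heuristic: treat the return address as plausible only if
    # the visible From domain or the announced sending host shares its domain.
    # Both values are sender-controlled, so a match is not proof of origin.
    from_dom = domain_of(msg.get("From", ""))
    top = (msg.get_all("Received") or [""])[0].split()
    host = top[1].lower() if len(top) > 1 and top[0] == "from" else ""
    if env_dom == from_dom or host == env_dom or host.endswith("." + env_dom):
        return envelope, True, "envelope domain matches From or sending host"
    return envelope, False, "envelope domain appears nowhere else; likely forged"

if __name__ == "__main__":
    print(notification_decision(SAMPLE))
```
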
