On Feb 5, 2008, at 6:21 PM, Doty, Timothy T. wrote: > We are getting complaints about "mailbombing" of our postmaster > address with > what appears to be email caused by a nasl.
How many messages are you / they talking about? > [EMAIL PROTECTED] on > 2/5/2008 > 2:52 PM > The message cannot be delivered due to a configuration > error on > the server. Please contact your Administrator. > < system.being.scanned #5.3.0 SMTP; 553 5.3.0 > <[EMAIL PROTECTED]>... > some.nessus.server is not a valid delivery host> This is from a recent plugin, clamav_milter_blackhole_cmd_exec.nasl, which tries to send a message that will exploit a code execution flaw in clamav-milter. Apparently, the target mail system doesn't accept mail from some.nessus.server and is generating a bounce. Still, that should be just one message per scan. Isn't it? I did just commit a change to use any empty from address. MTAs should accept that as it's used for bounces. Look for revision 1.5 to become available in a couple of hours and let me know if that fixes the problem please. George -- [EMAIL PROTECTED] _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
