again a question about legal or illegal bounces for spoofed senders (Mydoom etc).
As far as I understand RFC 2821 (RFC2821) at : http://www.faqs.org/rfcs/rfc2821.html
------------- snip
6.1 Reliable Delivery and Replies by Email
When the receiver-SMTP accepts a piece of mail (by sending a "250 OK" message in response to DATA), it is accepting responsibility for delivering or relaying the message. It must take this responsibility seriously. It MUST NOT lose the message for frivolous reasons, such as because the host later crashes or because of a predictable resource shortage.
If there is a delivery failure after acceptance of a message, the
receiver-SMTP MUST formulate and mail a notification message. This
notification MUST be sent using a null ("<>") reverse path in the
envelope. The recipient of this notification MUST be the address
from the envelope return path (or the Return-Path: line). However,
if this address is null ("<>"), the receiver-SMTP MUST NOT send a
notification. Obviously, nothing in this section can or should
prohibit local decisions (i.e., as part of the same system
environment as the receiver-SMTP) to log or otherwise transmit
information about null address events locally if that is desired. If
the address is an explicit source route, it MUST be stripped down to
its final hop.--------- snip
I MUST NOT send a notification about a virus mail, if the return-path is empty.
Do I understand right that envelope-return-path is NOT the FROM: field ??
If so, qmail-scanner does not act right.
In reality I find that qmail-scanner returns a notification-mail to the FROM: field of a message.
but not to an emty REPLY-TO :
Here is a mail without REPLY-TO-PATH :
--------- snip
Received: from xx-yy-zz-ww.some.ip.address (HELO mymaildomain.com) (someotherIPadress)
by 0 with SMTP; 30 Apr 2004 11:44:06 -0000
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Mail Delivery (failure [EMAIL PROTECTED])
Date: Fri, 30 Apr 2004 13:54:04 +0200
MIME-Version: 1.0
--------- snip
This notification from qmail-scanner went out to the spoofed FROM: Line ....
If the FROM on the other hand IS the envelope-return-path, the infection of bounced bounces with spoofed mail-virii is working as designed by SMTP-Protocol.
What is right?
Marc
Of course, in the end the virii will just also fill in the reply-to but then we can blame it on RFC and not on qmail-scanner....
-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
