On Tue, May 04, 2004 at 01:31:14PM +0200, Marc Muncke wrote: > I MUST NOT send a notification about a virus mail, if the return-path is > empty.
Yup. That is the way Qmail-Scanner works. > Do I understand right that envelope-return-path is NOT the FROM: field ?? Yup. > If so, qmail-scanner does not act right. Really? That would surprise me... > > In reality I find that qmail-scanner returns a notification-mail to the > FROM: field of a message. No it doesn't. > Here is a mail without REPLY-TO-PATH : Q-S never reads Reply-to headers - so I can't see how it could act differently based on it existing or not... > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: Mail Delivery (failure [EMAIL PROTECTED]) > Date: Fri, 30 Apr 2004 13:54:04 +0200 > MIME-Version: 1.0 > --------- snip > This notification from qmail-scanner went out to the spoofed FROM: Line .... Then the "MAIL FROM:" envelope header must have been "[EMAIL PROTECTED]" instead of "<>" as it should have been If that message was generated by a virus instead of a real bounce, then you have just discovered that virus writers don't know jack about writing email messages. Nothing new there... -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
