[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain -->
- <!--x-date: Sun Feb 20 18:32:33 2005 -->
- <!--x-from-r13: wvzcbc ng lnubb.pbz (Xvz Bbcbivgpu) -->
- <!--x-message-id: 1108942005.6242.52.camel@blue -->
- <!--x-reference: [email protected] -->
- <!--x-reference: [email protected] -->
- <!--x-reference: [email protected] -->
- <!--x-reference: [email protected] -->
- <!--x-reference: [email protected] -->
- <!--x-reference: 1108868318.7059.25.camel@blue -->
- <!--x-reference: [email protected] --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-subject: [ale] Once again, how about a virus scanner on the mailing list server? -->
- <li><em>date</em>: Sun Feb 20 18:32:33 2005</li>
- <li><em>from</em>: jimpop at yahoo.com (Jim Popovitch)</li>
- <li><em>in-reply-to</em>: <<a href="msg00767.html">[email protected]</a>></li>
- <li><em>references</em>: <<a href="msg00716.html">[email protected]</a>> <<a href="msg00727.html">[email protected]</a>> <<a href="msg00738.html">[email protected]</a>> <<a href="msg00742.html">[email protected]</a>> <<a href="msg00744.html">[email protected]</a>> <1108868318.7059.25.camel@blue> <<a href="msg00767.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] Once again, how about a virus scanner on the mailing list server?</li>
QMail sends bounces to Mailman (aka ale-bounces at ale.org) and only
Mailman sends bounce-checks. The fact that you (and possibly other
gmail users) got a similar message just shows that gmail blocked inbound
ALE email after ALE tried to send a virus to multiple gmail users.
After several failed deliveries to gmail users ALE sent a bounce-check
that gmail allowed through.
>From ALE's side:
The failed delivery notification came from the QMail MAILER-DAEMON aka
postman/postmaster. What QMail was saying is that it wasn't able to
deliver a virus infected email, to multiple external recipients, and it
was giving up trying. It then bounced the offending email back to
Mailman. Mailman had trouble delivering *MANY* emails to James (because
gmail was now temporarily blocking ALE email), not just this one
particular one. It tried several times and finally sent one last
bounce-check before setting James' subscription to nomail. The
bounce-check include a sample copy of one email it was trying to deliver
to james.sumners at gmail.com ... the particular last email just so
happened to be the QMail notification, showing the failed delivery
targets, including a copy of the virus.
Did the virus come directly from James Sumners? Probably not, the odds
are highly against it.
Does it have the appearance of coming from James Sumners? Yes, after
all Mailman returned to him a virus laden email as undeliverable. It
only sends these back to the "sender" (which can easily be spoofed).
The source IP of the original virus email, as reported to QMail, is
202.9.146.122 (India). Presumably someone in India sent spam to ALE
using James' email address. (not a surprising thing) There is no way to
absolutely prevent this from happening, but a good start is to use a
combination of clamav, spamassassin, and demimie to keep inbound garbage
at bay.
-Jim P.
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00790" href="msg00790.html">[ale] Once again, how about a virus scanner on the mailing list server?</a></strong>
<ul><li><em>From:</em> wormfishin at gmail.com (Nick Travis)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00716" href="msg00716.html">[ale] Once again, how about a virus scanner on the mailing list server?</a></strong>
<ul><li><em>From:</em> james.sumners at gmail.com (James Sumners)</li></ul></li>
<li><strong><a name="00727" href="msg00727.html">[ale] Once again, how about a virus scanner on the mailing list server?</a></strong>
<ul><li><em>From:</em> joh6nn at hotpop.com (joh6nn)</li></ul></li>
<li><strong><a name="00738" href="msg00738.html">[ale] Once again, how about a virus scanner on the mailing list server?</a></strong>
<ul><li><em>From:</em> jkinney at localnetsolutions.com (James P. Kinney III)</li></ul></li>
<li><strong><a name="00742" href="msg00742.html">[ale] Once again, how about a virus scanner on the mailing list server?</a></strong>
<ul><li><em>From:</em> groups at ChangingLINKS.com (ChangingLINKS.com)</li></ul></li>
<li><strong><a name="00744" href="msg00744.html">[ale] Once again, how about a virus scanner on the mailing list server?</a></strong>
<ul><li><em>From:</em> james.sumners at gmail.com (James Sumners)</li></ul></li>
<li><strong><a name="00752" href="msg00752.html">[ale] Once again, how about a virus scanner on the mailing list server?</a></strong>
<ul><li><em>From:</em> jimpop at yahoo.com (Jim Popovitch)</li></ul></li>
<li><strong><a name="00767" href="msg00767.html">[ale] Once again, how about a virus scanner on the mailing list server?</a></strong>
<ul><li><em>From:</em> unixdude at gmail.com (Jim Patterson)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00776.html">[ale] NAS in Linux/windows network</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00778.html">[ale] [semi-OT] Can gpasm compile parallax assembly code? - resolution</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00767.html">[ale] Once again, how about a virus scanner on the mailing list server?</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00790.html">[ale] Once again, how about a virus scanner on the mailing list server?</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00777"><strong>Date</strong></a></li>
<li><a href="threads.html#00777"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>