[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[no subject]

Nick


On Sun, 20 Feb 2005 18:26:44 -0500, Jim Popovitch <jimpop at yahoo.com> wrote:
> On Sun, 2005-02-20 at 12:16 -0500, Jim Patterson wrote:
> > Ummm,  Actually, if you read the message that came from postman
> > carefully, yo will see that the failed message did NOT come from
> > James, it is being included as a SAMPLE, so that James can
> > diagnose any problems on his side.  I (and presumably, every other
> > gmail user) got a similar message from postman because of the
> > virus traffic to the list.  I have quoted the relevant parts below.
> 
> QMail sends bounces to Mailman (aka ale-bounces at ale.org) and only
> Mailman sends bounce-checks.  The fact that you (and possibly other
> gmail users) got a similar message just shows that gmail blocked inbound
> ALE email after ALE tried to send a virus to multiple gmail users.
> After several failed deliveries to gmail users ALE sent a bounce-check
> that gmail allowed through.
> 
> >From ALE's side:
> 
> The failed delivery notification came from the QMail MAILER-DAEMON aka
> postman/postmaster.  What QMail was saying is that it wasn't able to
> deliver a virus infected email, to multiple external recipients, and it
> was giving up trying.  It then bounced the offending email back to
> Mailman.  Mailman had trouble delivering *MANY* emails to James (because
> gmail was now temporarily blocking ALE email), not just this one
> particular one.  It tried several times and finally sent one last
> bounce-check before setting James' subscription to nomail.  The
> bounce-check include a sample copy of one email it was trying to deliver
> to james.sumners at gmail.com ... the particular last email just so
> happened to be the QMail notification, showing the failed delivery
> targets, including a copy of the virus.
> 
> Did the virus come directly from James Sumners?  Probably not, the odds
> are highly against it.
> 
> Does it have the appearance of coming from James Sumners?  Yes, after
> all Mailman returned to him a virus laden email as undeliverable.  It
> only sends these back to the "sender" (which can easily be spoofed).
> 
> The source IP of the original virus email, as reported to QMail, is
> 202.9.146.122 (India).  Presumably someone in India sent spam to ALE
> using James' email address. (not a surprising thing)  There is no way to
> absolutely prevent this from happening, but a good start is to use a
> combination of clamav, spamassassin, and demimie to keep inbound garbage
> at bay.
> 
> -Jim P.
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
&gt; <a  rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
&gt;


</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00716" href="msg00716.html">[ale] Once again,	how about a virus scanner on the mailing list server?</a></strong>
<ul><li><em>From:</em> james.sumners at gmail.com (James Sumners)</li></ul></li>
<li><strong><a name="00727" href="msg00727.html">[ale] Once again,	how about a virus scanner on the mailing list	server?</a></strong>
<ul><li><em>From:</em> joh6nn at hotpop.com (joh6nn)</li></ul></li>
<li><strong><a name="00738" href="msg00738.html">[ale] Once again,	how about a virus scanner on the mailing	list server?</a></strong>
<ul><li><em>From:</em> jkinney at localnetsolutions.com (James P. Kinney III)</li></ul></li>
<li><strong><a name="00742" href="msg00742.html">[ale] Once again,		how about a virus scanner on the mailing list	server?</a></strong>
<ul><li><em>From:</em> groups at ChangingLINKS.com (ChangingLINKS.com)</li></ul></li>
<li><strong><a name="00744" href="msg00744.html">[ale] Once again,	how about a virus scanner on the mailing list server?</a></strong>
<ul><li><em>From:</em> james.sumners at gmail.com (James Sumners)</li></ul></li>
<li><strong><a name="00752" href="msg00752.html">[ale] Once again, how about a virus scanner on the mailing	list server?</a></strong>
<ul><li><em>From:</em> jimpop at yahoo.com (Jim Popovitch)</li></ul></li>
<li><strong><a name="00767" href="msg00767.html">[ale] Once again,	how about a virus scanner on the mailing list server?</a></strong>
<ul><li><em>From:</em> unixdude at gmail.com (Jim Patterson)</li></ul></li>
<li><strong><a name="00777" href="msg00777.html">[ale] Once again, how about a virus scanner on the mailing	list server?</a></strong>
<ul><li><em>From:</em> jimpop at yahoo.com (Jim Popovitch)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00789.html">[ale] Keeping pppoe alive</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00791.html">[ale] Keeping pppoe alive</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00777.html">[ale] Once again, how about a virus scanner on the mailing	list server?</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00750.html">[ale] Once again, 	how about a virus scanner on the mailing	list server?</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00790"><strong>Date</strong></a></li>
<li><a href="threads.html#00790"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>