Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: RFC: virus handling

Re: RFC: virus handling

From: Volker Kuhlmann <list0570_at_paradise.net.nz>
Date: Wed, 4 Feb 2004 11:59:12 +1300

> > A bounce should *always* include a MIME attachment of type
> > message/rfc822-headers which contains the full headers from the original
> > mail. This makes it relatively easy to check on the receiving side if the
> > original "Received: from" headers are valid, and simply drop bounces that
> > relate to messages that were originally sent with forged headers.

> Outstanding idea. If you (or anyone else on the list) already have a
> tested procmail recipe for this, please share. If not, let's make one
> and share it around...

Done that:

http://volker.dnsalias.net/soft/procmail/virusnotification.rc

As a quick guess, the received: recipe catches 1/2 - 2/3 of all
responses from those idiots, though I'm not recording exactly which
recipe triggers because I don't care which rubbish it is.

Anything can be improved, of course.

Volker 

-- 
Volker Kuhlmann			is possibly list0570 with the domain in header
http://volker.dnsalias.net/		Please do not CC list postings to me.
Received on Feb 04 2004
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]