
Re: Bounce message for filtered mail via procmail?

2003-06-28 19:08:17
At 21:37 2003-06-28 -0400, Dragoncrest did say:
you could pull them out and put them in a binaries directory, forwarding along only the text portion of the message.

        Actually, that's kinda what I had in mind.

Kinda, 'cept you're not forwarding the stripped message to the original recipient, but firing it off back at the person you BELIEVE sent the message, which 9 out of 10 times isn't the infected user that sent the message.

Date: Sat, 28 Jun 2003 21:05:30 -0400
From: mylocaladdy(_at_)myserver(_dot_)com (the address that received the bad or illegal/infected attachment)
To: bouncee(_at_)isp(_dot_)com (person whose address appears as the sendee of said bad/illegal/infected attachment)
Subject: Quarantined File Alert
[
You or someone at this address sent me an email with an attachment on it with the following name: somefile.exe

[snip]

EXACTLY what I'm saying is a really bad idea. Many of the current generation of spams are coming FROM: an address which was harvested from the saved mail of the user who actually has the infection. So, some well-meaning individual goes and sends a pile of these announcements out in response to inbound viruses, and all you succeed in doing is annoying the living fsck out of the person WHO DIDN'T MAIL YOUR USER, AND DOESN'T HAVE A VIRUS IN THE FIRST PLACE.

Oh, and your proposed text doesn't include the *HEADERS* of the message in question, which is one of the many beefs I've got with the damn commercial-based systems which already take this approach - I can't even send them the headers back and say: HELLO, where the fsck do you even see MY MAILSERVER in these headers?

These are *VERY* annoying to list administrators, whose "owner-listname(_at_)listdomain(_dot_)tld" addresses appear as the envelope sender of a great number of messages out there. The listadmin gets to suffer because some user out there - who may not even be a CURRENT subscriber, has a virus that is culling the listowner address from their old saved email, and that's resulting in the listadmin getting hammered with autoreply crap.

DON'T DO IT. Go ahead and trim to the headers only and forward that to the original intended recipient so that if THEY want to follow up, they can. Then, if they're sending emails to the wrong people, it's them doing it, and really quickly, they'll learn that it's a bad idea, because the available addresses in the message headers are all forged.

Take a look into how "Klez" works, and you'll see that the envelope address isn't even the same as the From: address - that's so a human reply will be directed to one hapless soul and delivery BOUNCES (often complete with the virus attachment still intact) will be bounced by the postmaster to another hapless soul.

If you wanted to fire off "hey, you're a butthead for sending me Word DOC picture attachment to our HR department when the advert said plain text or PDF only" that'd be different. For that, you can find autoreply scripts in the list archives.

---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
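
The approach recommended in the message above (quarantine the attachment, pass a headers-only copy to the intended recipient, send nothing to the apparent sender) could look like the following procmail recipe. This is an added example, not code from the original post; the `quarantine/` folder, the extension list, the `X-Quarantined` header name and the notice wording are assumptions.

```procmail
# Added example; folder name, extension list and notice text are
# hypothetical. Paths are relative to $MAILDIR.
QUARANTINE=quarantine/

# Scan the body for a MIME part naming an executable attachment.
# procmail regexps are case-insensitive by default.
:0 B
* name=".*\.(exe|scr|pif|bat|com)"
{
    # Keep an untouched copy, attachment included, for later inspection.
    :0 c
    $QUARANTINE

    # Mark the message and declare the new body as plain text.
    # No reply is generated to From:, Reply-To: or the envelope
    # sender: any of them may be forged.
    :0 fhw
    | formail -I "X-Quarantined: executable attachment removed" \
              -I "Content-Type: text/plain" \
              -I "Content-Transfer-Encoding: 7bit"

    # Replace the body with a short notice. The original headers stay,
    # so the recipient can check them before deciding to follow up.
    # 'i' ignores the write error caused by echo not reading stdin.
    :0 fbwi
    | echo "An executable attachment was removed and quarantined."
}
# The filtered message falls through to the rest of the rc file and
# is delivered to the intended recipient as usual.
```

Because the recipe contains no autoreply action, nothing goes back to a forged address or to a list owner's envelope address.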
