On Wednesday 20 August 2003 17:05, Jay Kline wrote:
> > The mail server that sends the bounce. This is called a double
> > bounce. Correct me if this is wrong ...
>
> Yes, it goes back to the server doing the sending. It's a double
> bounce when the bounce message itself bounces.  I don't know how this
> virus is propagating itself, but I would imagine that if it does the
> sending itself, rejecting at the initial smtp session would not
> result in a double bounce. However, if it uses some relay (that it
> either set up itself, or found on a network, etc) and used forged
> headers, then it will go to some unsuspecting person (of whoever is
> in the headers).

I've examined a few messages I've got now, and none of them had been 
through any relays. In fact, they had all been sent directly from 
dialups or *DSL users. 

Here are the headers of an example:

Return-path: <[EMAIL PROTECTED]>
Envelope-to: [EMAIL PROTECTED]
Received: from mail by pooh.kjernsmo.net with spam-scanned (Exim 3.35 #1 (Debian))
        id 19pYJ2-0007EM-00
        for <[EMAIL PROTECTED]>; Wed, 20 Aug 2003 21:07:40 +0200
Received: from ppp-67-67-194-5.dsl.austtx.swbell.net ([67.67.194.5] helo=WILLNCANDY)
        by pooh.kjernsmo.net with esmtp (Exim 3.35 #1 (Debian))
        id 19pYIZ-0007E7-00
        for <[EMAIL PROTECTED]>; Wed, 20 Aug 2003 21:07:14 +0200
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: Wicked screensaver
Date: Wed, 20 Aug 2003 14:07:06 --0500
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
  boundary="_NextPart_000_000FCE03"
Message-Id: <[EMAIL PROTECTED]>

(BTW, don't send anything to the [EMAIL PROTECTED] address, ever. It is 
intended as a spamtrap... Unfortunately, viruses like this limit its 
usefulness as spamtrap, that's one of the reasons I want to filter this 
before going to SpamAssassin)

OK, so if I get this correctly, a double bounce would result in that I 
get the bounce, but that that's unlikely to occur. But it is still not 
clear to me who gets the bounce, it would be the sender on the 
envelope, but that's [EMAIL PROTECTED] in this case, 
right....? And that's something I wouldn't want to happen... 

Best,

Kjetil
-- 
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED]  [EMAIL PROTECTED]  [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/        OpenPGP KeyID: 6A6A0BBC
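
The header check described in the message above (no intermediate relays, delivery straight from a dialup/DSL host), as an added example that is not part of the original post. It assumes Exim 3-style Received lines as quoted; the function names, the list of "dynamic" hostname tokens and the example.org/example.com addresses are illustrative assumptions.

```python
import re
from email import message_from_string

# Constructed sample: the Received chain quoted in the message, with the
# redacted addresses replaced by example.org / example.com placeholders.
SAMPLE = (
    "Received: from mail by pooh.kjernsmo.net with spam-scanned (Exim 3.35 #1 (Debian))\n"
    "\tid 19pYJ2-0007EM-00\n"
    "\tfor <trap@example.org>; Wed, 20 Aug 2003 21:07:40 +0200\n"
    "Received: from ppp-67-67-194-5.dsl.austtx.swbell.net ([67.67.194.5] helo=WILLNCANDY)\n"
    "\tby pooh.kjernsmo.net with esmtp (Exim 3.35 #1 (Debian))\n"
    "\tid 19pYIZ-0007E7-00\n"
    "\tfor <trap@example.org>; Wed, 20 Aug 2003 21:07:14 +0200\n"
    "From: <sender@example.com>\n"
    "Subject: Re: Wicked screensaver\n"
    "\n"
    "body\n"
)

# A network hop in Exim 3 format: "from <rdns> ([<ip>] helo=<name>) by <host> with <proto>".
# Local re-injection lines ("from mail by ... with spam-scanned") carry no IP and are skipped.
HOP = re.compile(r"from (?P<rdns>\S+) \(\[(?P<ip>[\d.]+)\](?: helo=(?P<helo>[^)\s]+))?\)"
                 r" by (?P<by>\S+) with (?P<proto>\S+)")
# Heuristic (assumption): tokens that commonly mark dynamically assigned access lines.
DYNAMIC = re.compile(r"(^|[-.])(ppp|dsl|adsl|dial(up)?|dhcp|pool|cable)([-.\d]|$)", re.I)

def network_hops(raw):
    """Return the SMTP network hops, newest first, as dicts of regex groups."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold the header onto one line
        if m:
            hops.append(m.groupdict())
    return hops

def classify(raw):
    """Summarise the hop recorded by the receiving MTA (the only one it can vouch for)."""
    hops = network_hops(raw)
    if not hops:
        return None
    first = hops[0]
    return {
        "direct": len(hops) == 1,  # no earlier relay is even claimed
        "client_ip": first["ip"],
        "dynamic_rdns": bool(DYNAMIC.search(first["rdns"])),
        "bare_helo": "." not in (first["helo"] or first["rdns"]),  # HELO is not an FQDN
    }
```

Only the topmost network hop is written by the receiving server; any Received lines below it are supplied by the sender and can be forged.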

