On 5/25/04 at 13:18, Charles Mangin wrote:
> i'm getting several of these a day:
>
> From [EMAIL PROTECTED] Tue May 25 16:08:45 2004
> Return-Path: <>
> Received: from [207.44.176.12] (HELO ensim.rackshack.net)
> by mail.option8.com (Stalker SMTP Server 1.8b9d14)
> with ESMTP id S.0000178779 for <[EMAIL PROTECTED]>; Tue, 25
> May 2004 07:49:50 -0400
[--snip--]
> needless to say, i'm not sending out viruses, and the account in
> question is an alias on my server from an old website. i might just
> make it a spamtrap and get over it, but i've gotten real email to that
> account in the not-so-distant past.
>
> anyhoo, i've tried emailing the postmaster
That's about the best you can do, but don't hold your breath waiting for
action. He shouldn't be bouncing virus messages, since their Return-Paths
(where bounces get sent) are pretty much guaranteed to be forged, having
nothing to do with the source of the virus message. The main result of
bouncing virus-bearing messages, as you've experienced, is to waste
bandwidth and annoy innocent people with unfounded accusations ('duh, you
got a virus...').
> bouncing these messages from mail.app, and finally blocking them
> at the SIMS router. however, i can't seem to get the router to
> bounce these. here's the relevant router entries:
>
> ensim.rackshack.net = error ; virus warnings. feh.
> rs6.webtoast.com = error ; double feh.
Routing to error works with the 'Verify Return-Paths' function, which only
checks Return-Paths, not the domain of the MTA connecting to SIMS. Since
the bounce message above (properly) has a null Return-Path (<>), your
router entries would not be able to catch it.
> the webtoast domain is the reverse DNS of the received from IP number
> 207.44.176.12. should i add 207.44.176.12=error as well? i just want
> these emails to bounce without my intervention...
The router is not going to be able to help with this because neither the IP
address nor the domain/hostname of the sending MTA is sent through the
router. To reject messages from this host, you want to add its IP address
(207.44.176.12) to your blacklist.
--
Christopher Bort | [EMAIL PROTECTED]
Webmaster, Global Homes | [EMAIL PROTECTED]
<http://www.globalhomes.com/>
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
