Mailing List Message #14510
From: Global Homes Webmaster <>
Subject: Re: virus warnings getting out of hand
Date: Tue, 25 May 2004 13:53:13 -0700
To: SIMS Discussions <>
X-Mailer: Mailsmith 2.1.1 (Blindsider)
On 5/25/04 at 13:18, Charles Mangin wrote:

> i'm getting several of these a day:
>  From Tue May 25 16:08:45 2004
> Return-Path: <>
> Received: from [] (HELO
>    by (Stalker SMTP Server 1.8b9d14)
>    with ESMTP id S.0000178779 for <>; Tue, 25
> May 2004 07:49:50 -0400
> needless to say, i'm not sending out viruses, and the account in
> question is an alias on my server from an old website. i might just
> make it a spamtrap and get over it, but i've gotten real email to that
> account in the not-so-distant past.
> anyhoo, i've tried emailing the postmaster

That's about the best you can do, but don't hold your breath waiting for
action. He shouldn't be bouncing virus messages, since their Return-Paths
(where bounces get sent) are pretty much guaranteed to be forged, having
nothing to do with the source of the virus message. The main result of
bouncing virus-bearing messages, as you've experienced, is to waste
bandwidth and annoy innocent people with unfounded accusations ('duh, you
got a virus...').

> bouncing these messages from, and finally blocking them
> at the SIMS router. however, i can't seem to get the router to
> bounce these. here's the relevant router entries:
> = error ; virus warnings. feh.
> = error ; double feh.

Routing to error works with the 'Verify Return-Paths' function, which only
checks Return-Paths, not the domain of the MTA connecting to SIMS. Since
the bounce message above (properly) has a null Return-Path (<>), your
router entries would not be able to catch it.

> the webtoast domain is the reverse DNS of the received from IP number
> should i add as well? i just want
> these emails to bounce without my intervention...

The router is not going to be able to help with this because neither the IP
address nor the domain/hostname of the sending MTA is sent through the
router. To reject messages from this host, you want to add its IP address
( to your blacklist.

                   Christopher Bort |
            Webmaster, Global Homes |
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster