Mailing List SIMS@mail.stalker.com Message #14510
From: Global Homes Webmaster <webmaster@globalhomes.com>
Subject: Re: virus warnings getting out of hand
Date: Tue, 25 May 2004 13:53:13 -0700
To: SIMS Discussions <SIMS@mail.stalker.com>
X-Mailer: Mailsmith 2.1.1 (Blindsider)

On 5/25/04 at 13:18, Charles Mangin wrote:

> i'm getting several of these a day:
>
>  From postmaster@ensim.rackshack.net Tue May 25 16:08:45 2004
> Return-Path: <>
> Received: from [207.44.176.12] (HELO ensim.rackshack.net)
>    by mail.option8.com (Stalker SMTP Server 1.8b9d14)
>    with ESMTP id S.0000178779 for <ninjas@ninjadeathsquad.com>; Tue, 25
> May 2004 07:49:50 -0400
[--snip--]
> needless to say, i'm not sending out viruses, and the account in
> question is an alias on my server from an old website. i might just
> make it a spamtrap and get over it, but i've gotten real email to that
> account in the not-so-distant past.
>
> anyhoo, i've tried emailing the postmaster

That's about the best you can do, but don't hold your breath waiting for
action. He shouldn't be bouncing virus messages, since their Return-Paths
(where bounces get sent) are pretty much guaranteed to be forged, having
nothing to do with the source of the virus message. The main result of
bouncing virus-bearing messages, as you've experienced, is to waste
bandwidth and annoy innocent people with unfounded accusations ('duh, you
got a virus...').

> bouncing these messages from mail.app, and finally blocking them
> at the SIMS router. however, i can't seem to get the router to
> bounce these. here's the relevant router entries:
>
> ensim.rackshack.net = error ; virus warnings. feh.
> rs6.webtoast.com = error ; double feh.

Routing to error works with the 'Verify Return-Paths' function, which only
checks Return-Paths, not the domain of the MTA connecting to SIMS. Since
the bounce message above (properly) has a null Return-Path (<>), your
router entries would not be able to catch it.

> the webtoast domain is the reverse DNS of the received from IP number
> 207.44.176.12. should i add 207.44.176.12=error as well? i just want
> these emails to bounce without my intervention...

The router is not going to be able to help with this because neither the IP
address nor the domain/hostname of the sending MTA is sent through the
router. To reject messages from this host, you want to add its IP address
(207.44.176.12) to your blacklist.

--
                   Christopher Bort | cbort@globalhomes.com
            Webmaster, Global Homes | webmaster@globalhomes.com
                      <http://www.globalhomes.com/>
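
Added example, not part of the original message and not SIMS code: a simplified Python model of the two checks discussed above, run on the header lines quoted in the thread. The function names and rule sets are assumptions for illustration, and the connecting IP is read from the Received line as a stand-in for the peer address a server sees on the live connection.

```python
import ipaddress
import re
from email import message_from_string

# Header lines reconstructed from the bounce quoted in the thread (body is constructed).
SAMPLE = (
    "Return-Path: <>\n"
    "Received: from [207.44.176.12] (HELO ensim.rackshack.net)\n"
    "   by mail.option8.com (Stalker SMTP Server 1.8b9d14)\n"
    "   with ESMTP id S.0000178779 for <ninjas@ninjadeathsquad.com>; Tue, 25\n"
    " May 2004 07:49:50 -0400\n"
    "\n"
    "constructed body\n"
)

# Hypothetical rule sets mirroring the thread: domains routed to "error",
# and the IP blacklist suggested in the reply.
ROUTER_ERROR_DOMAINS = {"ensim.rackshack.net", "rs6.webtoast.com"}
IP_BLACKLIST = {"207.44.176.12"}


def return_path_domain(msg):
    """Domain of the Return-Path, or None for the null path <> used by bounces."""
    addr = (msg.get("Return-Path") or "").strip().strip("<>")
    return addr.rpartition("@")[2].lower() or None


def connecting_ip(msg):
    """IP literal from the topmost Received line, or None if absent."""
    m = re.search(r"from \[([0-9.]+)\]", msg.get("Received", ""))
    return str(ipaddress.ip_address(m.group(1))) if m else None


def evaluate(raw, error_domains, blacklist):
    """Report which of the two checks would catch the message."""
    msg = message_from_string(raw)
    domain, ip = return_path_domain(msg), connecting_ip(msg)
    return {
        "return_path_domain": domain,
        "connecting_ip": ip,
        # A Return-Path rule has nothing to match when the path is null.
        "caught_by_return_path_rule": domain in error_domains,
        "caught_by_ip_blacklist": ip in blacklist,
    }


if __name__ == "__main__":
    print(evaluate(SAMPLE, ROUTER_ERROR_DOMAINS, IP_BLACKLIST))
```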