Re: [OT] Re: ATTACK TO MY SYSTEM

[John Bradford]

> > I'm running my own mailserver and it's hard not to accept it.  I have
> > basically done checks in the from and to headers.  If it appears as a virus,
> > i lockout the smtp sender.  It's not permenant.  When the virus stops, i
> > unblock every one.
>
> I've noticed that they *ALL* have their From:, To:, and Subject: written in
> uppercase. So it's really easy to filter them out depending on the tools used.
> If a mail header either matches ^FROM:, ^TO: or ^SUBJECT: then it has high
> chances to be a spam/virus. I checked all my recent mails and a few months
> back in LKML and did not found anything except spam/viruses which match this.
> At least, we should be lucky that these virus writers don't fully respect
> protocols...

What protocols are you referring to?

RFC 822, section 3.4.7, makes clear that case is _not_ significant for
these field names.  RFC 2822 doesn't change this.

Just because no commonly used E-Mail application seems to generate
uppercase field names, how do you know something like a password
auto-responder script won't?

That may not be a concern for you, but please don't spread
mis-information to others.

John.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/