Simon Matthews simon at paxonet.com
Thu May 16 18:43:01 PDT 2002

On Thu, 16 May 2002, Paul Thomas wrote:

> Hi,
> I have SECURITY_NOTIFY_SENDER="YES" enabled. I was informed earlier
> today that notifications are being sent to the wrong sender:
> "Therefore, you are foolishly sending your "Security Warning" to the wrong
> address, QED."
> "   As a hint, Kleg does NOT forge the envelope sender address...try using
> that address for your silly autoresponder. I leave it to the
> self-proclamed"

Actually, I don't think Klez always puts the correct reply address
anywhere. I am seeing emails where clearly all the sender email addresses
are forged. What is interesting is it seems to try to use the mailserver
of the fake sender's domain to send emails. Hence my mailserver is logging
many "relay access denied" messages.


More information about the esd-l mailing list