[Esd-l] SECURITY_NOTIFY_SENDER="YES"
Paul Thomas
paul at cuenet.com
Thu May 16 17:18:01 PDT 2002
Hi,
I have SECURITY_NOTIFY_SENDER="YES" enabled. I was informed earlier
today that notifications are being sent to the wrong sender:
" You are sending auto-responses to the address in the From: header
field; as anyone who understands this worm knows, it forges the
From: header field with an arbitrary address culled from the _real_
infected party's drive."
"Therefore, you are foolishly sending your "Security Warning" to the wrong
address, QED."
" As a hint, Kleg does NOT forge the envelope sender address...try using
that address for your silly autoresponder. I leave it to the
self-proclamed"
bla bla...
I am still using html-trap.procmail,v 1.133, has this issue been
addressed in any subsequent releases?
Thanks,
--Paul
--
How does a tree get on the world wide web?
It logs on.
More information about the esd-l
mailing list