[ale] Once again, how about a virus scanner on the mailing list server?

Nick Travis wormfishin at gmail.com
Mon Feb 21 07:16:44 EST 2005


I got a similar message, but I just assumed it was b/c there was a
problem with the gmail servers.  I *think* it was Thursday night, I
was unable to receive mail on gmail for about 12 hours.  I sent a
test message from another account and got the "You mail has not been
delivered for 4 hours" message.

Nick


On Sun, 20 Feb 2005 18:26:44 -0500, Jim Popovitch <jimpop at yahoo.com> wrote:
> On Sun, 2005-02-20 at 12:16 -0500, Jim Patterson wrote:
> > Ummm,  Actually, if you read the message that came from postman
> > carefully, you will see that the failed message did NOT come from
> > James, it is being included as a SAMPLE, so that James can
> > diagnose any problems on his side.  I (and presumably, every other
> > gmail user) got a similar message from postman because of the
> > virus traffic to the list.  I have quoted the relevant parts below.
> 
> QMail sends bounces to Mailman (aka ale-bounces at ale.org) and only
> Mailman sends bounce-checks.  The fact that you (and possibly other
> gmail users) got a similar message just shows that gmail blocked inbound
> ALE email after ALE tried to send a virus to multiple gmail users.
> After several failed deliveries to gmail users ALE sent a bounce-check
> that gmail allowed through.
> 
> From ALE's side:
> 
> The failed delivery notification came from the QMail MAILER-DAEMON aka
> postman/postmaster.  What QMail was saying is that it wasn't able to
> deliver a virus infected email, to multiple external recipients, and it
> was giving up trying.  It then bounced the offending email back to
> Mailman.  Mailman had trouble delivering *MANY* emails to James (because
> gmail was now temporarily blocking ALE email), not just this one
> particular one.  It tried several times and finally sent one last
> bounce-check before setting James' subscription to nomail.  The
> bounce-check included a sample copy of one email it was trying to deliver
> to james.sumners at gmail.com ... the particular last email just so
> happened to be the QMail notification, showing the failed delivery
> targets, including a copy of the virus.
> 
> Did the virus come directly from James Sumners?  Probably not, the odds
> are highly against it.
> 
> Does it have the appearance of coming from James Sumners?  Yes, after
> all Mailman returned to him a virus laden email as undeliverable.  It
> only sends these back to the "sender" (which can easily be spoofed).
> 
> The source IP of the original virus email, as reported to QMail, is
> 202.9.146.122 (India).  Presumably someone in India sent spam to ALE
> using James' email address. (not a surprising thing)  There is no way to
> absolutely prevent this from happening, but a good start is to use a
> combination of clamav, spamassassin, and demime to keep inbound garbage
> at bay.
> 
> -Jim P.


