Date: Wed, 24 Sep 2003 08:40:35 +0100
From: John Bradford <john@grabjohn.com>
Message-Id: <200309240740.h8O7eZNI000474@81-2-122-30.bradfords.org.uk>
To: wakko@animx.eu.org, willy@w.ods.org
Subject: Re: [OT] Re: ATTACK TO MY SYSTEM
Cc: efault@gmx.de, elenstev@mesatop.com, jamagallon@able.es,
       linux-kernel@vger.kernel.org
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1401
Lines: 31

> > I'm running my own mailserver and it's hard not to accept it.  I have
> > basically done checks in the from and to headers.  If it appears as a virus,
> > i lockout the smtp sender.  It's not permenant.  When the virus stops, i
> > unblock every one.
>
> I've noticed that they *ALL* have their From:, To:, and Subject: written in
> uppercase. So it's really easy to filter them out depending on the tools used.
> If a mail header either matches ^FROM:, ^TO: or ^SUBJECT: then it has high
> chances to be a spam/virus. I checked all my recent mails and a few months
> back in LKML and did not found anything except spam/viruses which match this.
> At least, we should be lucky that these virus writers don't fully respect
> protocols...

What protocols are you referring to?

RFC 822, section 3.4.7, makes clear that case is _not_ significant for
these field names.  RFC 2822 doesn't change this.

Just because no commonly used E-Mail application seems to generate
uppercase field names, how do you know something like a password
auto-responder script won't?

That may not be a concern for you, but please don't spread
mis-information to others.

John.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/