List-Managers: Re: determining real Klez worm sender?

List-Managers
(August 2002)

Indexed By Thread: [Previous] [Next]

Subject:	Re: determining real Klez worm sender?
From:	Vivek Khera <khera @ kcilink . com>
Date:	Thu, 8 Aug 2002 14:19:05 -0400
To:	list-managers @ greatcircle . com
In-reply-to:	<v03130312b9784415dbc5@[192.168.123.10]>
References:	<20020807062006.C5395195F9B@mycroft.greatcircle.com><v03130312b9784415dbc5@[192.168.123.10]>

>>>>> "CS" == Charlie Summers <charlie@lofcom.com> writes:

CS> The envelope sender _used_ to be reliable, but it doesn't appear
CS> to be any longer. Can anyone else confirm that later versinos of
CS> this thing are munging the envelope sender as well?

I've tried to respond to a few envelope senders, but they are "account
does not exist", within seconds of the klez appearing.  I'm suspecting
that the ISP in question didn't react that quickly ;-)

So, my guess is that it does fake the sender address as well.

I just use a postfix body_check filter to block it at the gate, and
let the real sender eat their own worms.

Follow-Ups:

OT Re: determining real Klez worm sender?
From: Beartooth <karhunhammas@Lserv.com>

References:

Re: determining real Klez worm sender?
From: Charlie Summers <charlie@lofcom.com>

Indexed By Date	Previous:	Question on Majordomo From: Gongqin Shen <gxs59@po.cwru.edu>
Indexed By Date	Next:	OT Re: determining real Klez worm sender? From: Beartooth <karhunhammas@Lserv.com>
Indexed By Thread	Previous:	Re: determining real Klez worm sender? From: Charlie Summers <charlie@lofcom.com>
Indexed By Thread	Next:	OT Re: determining real Klez worm sender? From: Beartooth <karhunhammas@Lserv.com>