Larry Gilson wrote on Mon, 22 Sep 2003 10:44:29 -0400:
> The virus library
> documentation and all the messages I have seen indicate that the From and To
> are grabbed from multiple locations on the computer and the Subject is
> dynamic from hard-coded lists. It says nothing about the MAIL FROM b
> -Original Message-
> From: Kai Schaetzl
> Larry Gilson wrote on Sun, 21 Sep 2003 17:13:35 -0400:
>
> > I agree with what you are saying about the MAIL FROM command.
> > It is easy enough to forge. However, I have only seen the header
> > From change and leave the MAIL FROM command
Larry Gilson wrote on Sun, 21 Sep 2003 17:13:35 -0400:
> I agree with what you are saying about the MAIL FROM command. It is easy
> enough to forge. However, I have only seen the header From change and leave
> the MAIL FROM command as that configured in the user's profile.
What "user's profile"
> -Original Message-
> From: Jim
> On Sun, Sep 21, 2003 at 02:48:14PM -0400, Larry Gilson wrote:
> > The sender, meaning the header From does change. However,
> > the envelopesender is consistent if mail is coming from the same
> > user/machine. However,the envelope sender may change
On Sun, Sep 21, 2003 at 02:48:14PM -0400, Larry Gilson wrote:
> The sender, meaning the header From does change. However, the envelope
> sender is consistent if mail is coming from the same user/machine. However,
> the envelope sender may change if it is a multi-user host.
The envelope sender ca
> -Original Message-
> From: Kai Schaetzl
> Jack L. Stone wrote on Sat, 20 Sep 2003 10:08:51 -0500:
>
> > Research has led me to believe that the "envelope from" is the
> > most reliable source of the actual sender. I am prepared to be
> > corrected though and would like to be.
> >
Jack L. Stone wrote on Sat, 20 Sep 2003 10:08:51 -0500:
> Research has led me to believe that the "envelope from" is the most
> reliable source of the actual sender. I am prepared to be corrected
> though and would like to be.
>
However, in the case of a spamming virus or a spammer the sender
At 02:41 PM 9.20.2003 +0200, Kristian Koehntopp wrote:
>
>Hi!
>
>I have analyzed the latest Swen wave, and it seems that I
>receive many mails from a very small set of machines.
>
>I am about to modify my spamd in a way that it maintains a list
>(a dbm actually) of IP-numbers it received spam from
