Bug#411876: amavisd-new: UBE warning sent to Return-Path even if Return-Path == To

Wed, 21 Feb 2007 07:01:11 -0800 

Package: amavisd-new
Version: 1:2.4.2-5
Severity: normal

When a spammer sets the Return-Path address the same as the To address,
amavisd happily sends an UBE warning to this address. In this case being me.
I realize that abuse of the Return-Path header is hard to detect, but in
this case it is rather obvious:

Return-Path: <[EMAIL PROTECTED]>
From: "Gary Wilson" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: brethren far off his company.  And I should hold for they
Date: Wed, 21 Feb 2007 20:00:60 +0530

I see this happing more and more now, I'm receiving at least one of these a
day now.

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.19-rvdb
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)

Versions of packages amavisd-new depends on:
ii  adduser                       3.102      Add and remove users and groups
ii  debconf [debconf-2.0]         1.5.11     Debian configuration management sy
ii  file                          4.17-5     Determines file type using "magic"
ii  libarchive-tar-perl           1.30-2     Archive::Tar - manipulate tar file
ii  libarchive-zip-perl           1.16-1     Module for manipulation of ZIP arc
ii  libberkeleydb-perl            0.31-1     use Berkeley DB 4 databases from P
ii  libcompress-zlib-perl         1.42-2     Perl module for creation and manip
ii  libconvert-tnef-perl          0.17-5     Perl module to read TNEF files
ii  libconvert-uulib-perl         1.06-1     Perl interface to the uulib librar
pn  libdigest-md5-perl            <none>     (no description available)
ii  libio-stringy-perl            2.110-1    Perl5 modules for IO from scalars 
ii  libmailtools-perl             1.74-1     Manipulate email in perl programs
pn  libmime-base64-perl           <none>     (no description available)
ii  libmime-perl                  5.420-0.1  Perl5 modules for MIME-compliant m
ii  libnet-server-perl            0.94-1     An extensible, general perl server
ii  libunix-syslog-perl           0.100-5    Perl interface to the UNIX syslog(
ii  perl [libtime-hires-perl]     5.8.8-7    Larry Wall's Practical Extraction 
ii  perl-modules [libnet-perl]    5.8.8-7    Core Perl modules
ii  postfix [mail-transport-agent 2.3.6-1    A high-performance mail transport 

amavisd-new recommends no packages.

-- debconf information excluded


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to