newspostuser --> To, but what about Reply-To?
ken at oceana.com
Tue Feb 17 13:14:13 EST 2004
+archive.info-cyrus at utdallas.edu wrote:
> On Fri, 6 Feb 2004, Ken Murchison wrote:
>>I just committed this change to CVS. It seems to work just fine with
>>Mozilla, Outlook and Pine.
>>It also gave me the opportunity to cleanup the handling of netnews
>>specific headers (Path, Xref) and to actually append the post addresses
>>to the Reply-To header (previously I was just adding another To: header).
> Excellent! Thanks!
Well, I just found a problem with this. It also may have been a problem
with the To: header as well.
Any article which gets posted to Cyrus nntpd will have the post address
added to the Reply-To header, and this address will be present in the
article when it is transferred to the outside news peer.
The problem occurs when the spammers harvest this address and then start
sending junk/viruses to the post address. In my case my virus scanner
catches and strips the virus, and continues to deliver the message to
the intended recipient (the newsgroup via lmtp2nntp) which then gets
propagated up the tree. The end result is that I have been sending
virus notifications to comp.mail.imap for the past day or so (until Rob
Obviously, I have to configure my MTA so that it only accepts mail to
the post addresses from internal/auth'd clients, but nntpd should
probably also cleanse the article of the post address.
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
Home Page: http://asg.web.cmu.edu/cyrus
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus