Debian Bug report logs - #411876
amavisd-new: UBE warning sent to Return-Path even if Return-Path == To

version graph

Package: amavisd-new; Maintainer for amavisd-new is Brian May <[email protected]>; Source for amavisd-new is src:amavisd-new (PTS, buildd, popcon).

Reported by: Richard van den Berg <[email protected]>

Date: Wed, 21 Feb 2007 14:57:04 UTC

Severity: normal

Found in version amavisd-new/1:2.4.2-5

Reply or subscribe to this bug.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to [email protected], Brian May <[email protected]>:
Bug#411876; Package amavisd-new. (full text, mbox, link).

Acknowledgement sent to Richard van den Berg <[email protected]>:
New Bug report received and forwarded. Copy sent to Brian May <[email protected]>. (full text, mbox, link).

Message #5 received at [email protected] (full text, mbox, reply):

From: Richard van den Berg <[email protected]>
To: Debian Bug Tracking System <[email protected]>
Subject: amavisd-new: UBE warning sent to Return-Path even if Return-Path == To
Date: Wed, 21 Feb 2007 15:55:31 +0100
Package: amavisd-new
Version: 1:2.4.2-5
Severity: normal

When a spammer sets the Return-Path address the same as the To address,
amavisd happily sends an UBE warning to this address. In this case being me.
I realize that abuse of the Return-Path header is hard to detect, but in
this case it is rather obvious:

Return-Path: <[email protected]>
From: "Gary Wilson" <[email protected]>
To: [email protected]
Subject: brethren far off his company.  And I should hold for they
Date: Wed, 21 Feb 2007 20:00:60 +0530

I see this happing more and more now, I'm receiving at least one of these a
day now.

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.19-rvdb
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)

Versions of packages amavisd-new depends on:
ii  adduser                       3.102      Add and remove users and groups
ii  debconf [debconf-2.0]         1.5.11     Debian configuration management sy
ii  file                          4.17-5     Determines file type using "magic"
ii  libarchive-tar-perl           1.30-2     Archive::Tar - manipulate tar file
ii  libarchive-zip-perl           1.16-1     Module for manipulation of ZIP arc
ii  libberkeleydb-perl            0.31-1     use Berkeley DB 4 databases from P
ii  libcompress-zlib-perl         1.42-2     Perl module for creation and manip
ii  libconvert-tnef-perl          0.17-5     Perl module to read TNEF files
ii  libconvert-uulib-perl         1.06-1     Perl interface to the uulib librar
pn  libdigest-md5-perl            <none>     (no description available)
ii  libio-stringy-perl            2.110-1    Perl5 modules for IO from scalars 
ii  libmailtools-perl             1.74-1     Manipulate email in perl programs
pn  libmime-base64-perl           <none>     (no description available)
ii  libmime-perl                  5.420-0.1  Perl5 modules for MIME-compliant m
ii  libnet-server-perl            0.94-1     An extensible, general perl server
ii  libunix-syslog-perl           0.100-5    Perl interface to the UNIX syslog(
ii  perl [libtime-hires-perl]     5.8.8-7    Larry Wall's Practical Extraction 
ii  perl-modules [libnet-perl]    5.8.8-7    Core Perl modules
ii  postfix [mail-transport-agent 2.3.6-1    A high-performance mail transport 

amavisd-new recommends no packages.

-- debconf information excluded

Send a report that this bug log contains spam.

Debian bug tracking system administrator <[email protected]>. Last modified: Thu May 15 19:08:51 2025; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.