[comp.protocols.tcp-ip] Mail header faults

map@GAAK.LCS.MIT.EDU (Michael A. Patton) (11/29/88)

   Date: Thu, 17 Nov 88 17:48:46 EST
   From: ejs@GoldHill.COM (Eric Swenson)
   Subject: FBI Contact re: November Internet Virus

      Date: Wed 16 Nov 88 15:46:13-EST
      From: RichDeJordy@goldhill.com, x295 <RAD@vax02.ams.com>

      Someone objected to the line "Not everyone is on TCP-IP" as part
      of a request for expanded distribution of some informational
      message, saying that everyone hit by the virus was, and that the
      DDN either didn't know what they were saying or they were hiding
      something.

      I believe the misconception is this.  TCP-IP was meant as the
      TCP-IP mailing list from SCORE, not the Internet itself.
      -------

   Interesting, the above message (cc'ed to the tcp-ip mailing list) claims to
   have come from a RichDeJordy@goldhill.com.  There is no such user here at
   Gold Hill and no such user on any of our machines.  Whoever sent this message
   has a machine whose mailer does the wrong thing when trying to reply to a 
   message.  Who sent this message anyway, was it rad@vax02.ams.com?  If so,
   please check your mailer.

   -- Eric

I have already pointed out the problems with this message directly to
Rich DeJordy (whose mail address is RAD@vax02.ams.com and whose
extension at AMS is 295).  There were two mailer errors that caused
you to see the header you did.  Everyone who saw this problem saw it
with their own host substituted for goldhill.com.  Here is the
explanation of how it happened as I reconstruct it.

The first was that the originating mail agent took Rich's personal
information ("RichDeJordy, x295") and included it in the header
without quoting even though it contained a special character.  This
resulted in an originating "From:" line that looked like:
	From: RichDeJordy, x295 <RAD@vax02.ams.com>

The second was that your mailer (sendmail no doubt) decided that the
"From:" line contained two addresses:
	"RichDeJordy"	and	"x295 <RAD@vax02.ams.com>"
The second looks OK to sendmail; the first doesn't contain an "@" so
it must be local.  Sendmail then helps you out by adding the name of
the local host so that if it leaves your machine the address will be
valid.  This is, of course, wrong, but there isn't anything right to
do given the original bad "From:", so I guess it's rather a moot
point.  It just seems to me that mail arriving from the network
shouldn't have the headers "improved" if it isn't necessary (which
should only be the case when forwarding to a mail environment which
uses different header conventions).

The result is that both machines (yours and his) have mailers that do
the wrong thing: his generates invalid headers, yours makes gratuitous
changes to these headers.  BTW, his is a VAX/VMS and yours is a 4.2BSD
Unix; have these systems ever disagreed before :-)?

	Mike Patton, Network Manager
	Laboratory for Computer Science
	Massachusetts Institute of Technology

P.S.  You should probably have chosen a better subject line for your
message.


Disclaimer: The opinions expressed above are a figment of the phosphor
on your screen and do not represent the views of MIT, LCS, or MAP. :-)
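
The two faults described in the post above can be reproduced with Python's standard email.utils parser. This is an added example, not part of the original post and not sendmail's code: the function names are hypothetical, and qualify_like_receiver only simulates the "append the local host" rewrite as the post describes it.

```python
from email.utils import formataddr, getaddresses

# From: value as reconstructed in the post (display name not quoted)
ORIGINATED = 'RichDeJordy, x295 <RAD@vax02.ams.com>'
# Receiving host named in the post
LOCAL_HOST = 'goldhill.com'


def parse(value):
    """Split an address-list header value into (display name, address) pairs."""
    return getaddresses([value])


def qualify_like_receiver(value, local_host):
    """Simulate the rewrite described in the post: an address without '@'
    is assumed to be local and gets the local host name appended."""
    out = []
    for name, addr in parse(value):
        if addr and '@' not in addr:
            addr = f'{addr}@{local_host}'
        out.append(f'{name} <{addr}>' if name else addr)
    return ', '.join(out)


def unqualified_addresses(value):
    """Inbound check: addresses with no domain part. In a header that arrived
    from the network these usually mean an unquoted special character split
    a display name, so the header should be flagged rather than 'improved'."""
    return [addr for _, addr in parse(value) if addr and '@' not in addr]


def quoted_from(name, addr):
    """Build the header the originating agent should have sent; formataddr
    quotes a display name that contains special characters such as ','."""
    return formataddr((name, addr))


if __name__ == '__main__':
    print(parse(ORIGINATED))
    print(qualify_like_receiver(ORIGINATED, LOCAL_HOST))
    print(unqualified_addresses(ORIGINATED))
    fixed = quoted_from('RichDeJordy, x295', 'RAD@vax02.ams.com')
    print(fixed)
    print(parse(fixed))
```

Changing LOCAL_HOST changes the fabricated sender address, which matches the observation that each recipient saw their own host in the header.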