map@GAAK.LCS.MIT.EDU (Michael A. Patton) (11/29/88)
   Date: Thu, 17 Nov 88 17:48:46 EST
   From: ejs@GoldHill.COM (Eric Swenson)
   Subject: FBI Contact re: November Internet Virus

      Date: Wed 16 Nov 88 15:46:13-EST
      From: RichDeJordy@goldhill.com, x295 <RAD@vax02.ams.com>

      Someone objected to the line "Not everyone is on TCP-IP" as part of a request for expanded distribution of some informational message, saying that everyone hit by the virus was, and that the DDN either didn't know what they were saying or they were hiding something.

      I believe the misconception is this. TCP-IP was meant as the TCP-IP mailing list from SCORE, not the Internet itself.
      -------

   Interesting, the above message (cc'ed to the tcp-ip mailing list) claims to have come from a RichDeJordy@goldhill.com. There is no such user here at Gold Hill and no such user on any of our machines. Whoever sent this message has a machine whose mailer does the wrong thing when trying to reply to a message. Who sent this message anyway, was it rad@vax02.ams.com? If so, please check your mailer.

   -- Eric

I have already pointed out the problems with this message directly to Rich DeJordy (whose mail address is RAD@vax02.ams.com and whose extension at AMS is 295). There were two mailer errors that caused you to see the header you did. Everyone who saw this problem saw it with their own host substituted for goldhill.com; here is the explanation of how it happened as I reconstruct it.

The first was that the originating mail agent took Rich's personal information ("RichDeJordy, x295") and included it in the header without quoting even though it contained a special character. This resulted in an originating "From:" line that looked like:

   From: RichDeJordy, x295 <RAD@vax02.ams.com>

The second was that your mailer (sendmail no doubt) decided that the "From:" line contained two addresses:

   "RichDeJordy" and "x295 <RAD@vax02.ams.com>"

The second looks OK to sendmail; the first doesn't contain an "@" so it must be local. Sendmail then helps you out by adding the name of the local host so that if it leaves your machine the address will be valid. This is, of course, wrong, but there isn't anything right to do given the original bad "From:", so I guess it's rather a moot point. It just seems to me that mail arriving from the network shouldn't have the headers "improved" if it isn't necessary (which should only be the case when forwarding to a mail environment which uses different header conventions).

The result is that both machines (yours and his) have mailers that do the wrong thing: his generates invalid headers, yours makes gratuitous changes to these headers. BTW, his is a VAX/VMS and yours is a 4.2BSD Unix, have these systems ever disagreed before :-)?

Mike Patton, Network Manager
Laboratory for Computer Science
Massachusetts Institute of Technology

P.S. You should probably have chosen a better subject line for your message.

Disclaimer: The opinions expressed above are a figment of the phosphor on your screen and do not represent the views of MIT, LCS, or MAP. :-)
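
The two mailer errors reconstructed in the message above, as an added example that is not part of the original post and is not sendmail's code. The function names are hypothetical; the header values and the host name goldhill.com are taken from the message.

```python
import re

SPECIALS = set('()<>@,;:\\".[]')  # RFC 822 "specials" that force quoting

def split_address_list(value):
    """Split a header value on commas that lie outside quotes and <...>."""
    parts, buf = [], []
    in_quote = in_angle = escaped = False
    for ch in value:
        if escaped:
            escaped = False
        elif ch == "\\" and in_quote:
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == "<" and not in_quote:
            in_angle = True
        elif ch == ">" and not in_quote:
            in_angle = False
        elif ch == "," and not in_quote and not in_angle:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def qualify_like_receiver(value, local_host):
    """Emulate the receiving-side rewrite described in the message:
    an address with no '@' is assumed local and gets @local_host."""
    out = []
    for part in split_address_list(value):
        m = re.search(r"<([^>]*)>", part)
        addr = m.group(1) if m else part
        if "@" not in addr:
            fixed = f"{addr}@{local_host}"
            part = part[:m.start(1)] + fixed + part[m.end(1):] if m else fixed
        out.append(part)
    return ", ".join(out)

def format_from(display_name, addr):
    """Sending-side fix: quote the phrase when it contains a special."""
    if any(c in SPECIALS for c in display_name):
        escaped = display_name.replace("\\", "\\\\").replace('"', '\\"')
        display_name = f'"{escaped}"'
    return f"{display_name} <{addr}>"

BAD = "RichDeJordy, x295 <RAD@vax02.ams.com>"  # header as generated
GOOD = format_from("RichDeJordy, x295", "RAD@vax02.ams.com")
```

Running `qualify_like_receiver` on `BAD` reproduces the header each recipient saw with their own host name, while `GOOD` passes through unchanged because the comma sits inside a quoted string.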