Reporting viruses (was: Klez-G)

Richard Siddall richard.siddall at ELIRION.NET
Thu May 9 13:58:54 IST 2002


Julian Field wrote:
>
> Parsing out the domain and then guessing at the relevant postmaster address
> is almost impossible to do automatically. For example, if you sent it to
> "postmaster at xxx.yyy" as you suggest, and the message claims to have come
> from us, you would miss us completely as I am postmaster at vvv.xxx.yyy.zzz.
> Mailing postmaster at xxx.yyy would get you nowhere, apart from annoying the
> administrators for the entire UK academic community.
>
> And sending it to "postmaster at 130.85.253.53" will only work if they either
> have wildcard MX records (a very bad thing) or an MX record for every host
> in their domain (unnecessary). In our case, all mail leaves as
> foobar at ecs.soton.ac.uk and we just have MX records for ecs.soton.ac.uk, not
> every host.ecs.soton.ac.uk.
>
> So you see my problem...
>

Let me suggest integrating mailscanner with a distributed intrusion detection
system such as DShield or myNetWatchman.  They're in the business of finding the
right contact (and annoying the wrong people as part of that process).

Regards,

        Richard Siddall



More information about the MailScanner mailing list