sobig virus

Ulysees Ulysees at ULYSEES.COM
Wed Aug 20 16:25:58 IST 2003 

if i want to send mail to user at yourdomain.com my mta needs to know what
server to talk to, it does this by doing a dns lookup for a MX record for
yourdomain.com.
The MX records are basically a list of servers that can accept mail for
yourdomain.com
they are assigned preferences, typically numbers like 10 or 20.
basically a smaller number means that that server is a higher preference and
it should be tried first.
lower preference mx's are typically used for backup purposes when the higher
ones are unavailable.

some more recent viruses have been targeting the lower mx records as
typically backup servers don't get as much attention as primary servers so
there's a better chance it will work.

Uly

----- Original Message -----
From: "Joe Stuart" <jstuart at EDENPR.K12.MN.US>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Wednesday, August 20, 2003 4:17 PM
Subject: Re: [MAILSCANNER] sobig virus


> I dont know a whole lot about email could you please explain that a
> little more.
>
> Thank you
>
> >>> Ulysees at ULYSEES.COM 08/20/03 10:05AM >>>
> lower mx record ?
>
> i've noticed almost half of the ones i'm getting are being relayed via
> one
> of our lower preference mx's
>
> Uly
>
> ----- Original Message -----
> From: "Joe Stuart" <jstuart at EDENPR.K12.MN.US>
> To: <MAILSCANNER at JISCMAIL.AC.UK>
> Sent: Wednesday, August 20, 2003 3:50 PM
> Subject: [MAILSCANNER] sobig virus
>
>
> > I have Mailscanner running with f-prot and it seems to be stopping
> about
> > 10-15 viruses a minute which is extremely high vloume. It also seems
> > that a lot of them are getting through. A usual header of an email
> that
> > comes from the outside starts with
> >
> > Received: from scrubber.edenpr.org
> >         by edenpr.k12.mn.us; Wed, 20 Aug 2003 09:34:42 -0500
> >
> > the ones getting through seem to be starting with
> >
> > Recieved from PC2860
> >        (splkpark.k12.mn.us[204.169.235.111])
> >         by edenpr.k12.mn.us; Wed, 20 Aug 2003 09:32:28 -0500
> >
> > And they are all .pif's. Scrubber is the server with mailscanner on
> it.
> > I'm coinfused about the PC2860
> >
> > Thanks
> > Joe
> >
>

More information about the MailScanner mailing list