sobig.f and secondary MX

mikea mikea at MIKEA.ATH.CX
Thu Aug 21 21:40:38 IST 2003


On Thu, Aug 21, 2003 at 02:49:52PM -0500, mark david mcCreary wrote:
> My secondary MX machine is having a hard time keeping up with the
> mailscanning of so many sobig.f virus infected emails, while my
> primary MX machines are not.
>
> I have found some clues that sobig.f's SMTP engine likes to send to
> the secondary MX machine.
>
> What happens if I keep my secondary MX machine off line for a few days?
>
> Does anybody know what sobig.f does when it can't get thru to the secondary MX?

Well, since the idea of the secondary MX is to be there in case the
primary isn't accepting mail for some reason (e.g., load too high,
network dead, machine dead), you'll lose that redundancy.

OTOH, since MXen aren't necessarily maintained by the same people who
maintain the primary MX, they don't necessarily have the same suite
of protections, and so pulling the secondary MX may remove some
vulnerabilities. Secondary/backup MXen aren't as necessary now, with
network and system uptimes being what they are, as they used to be.

--
Mike Andrews
mikea at mikea.ath.cx
Tired old sysadmin since 1964


