Sobig.F resurgence
Dustin Baer
dustin.baer at IHS.COM
Mon Sep 8 13:56:09 IST 2003
Kevin Spicer wrote:
>
> The Sobig virus uses its own SMTP engine to send directly to your server
> (unless you're using an ISP's server that you have no control over as a
> secondary queueing MX and it hits that first). Therefore rejecting the
> message with a 550 error would normally cause the _remote_ MTA to
> generate a bounce to the 'sender'. Since in this case that 'remote MTA'
> would be the virus itself it is not going to produce a bounce message,
> instead just silently ignore the error. Therefore (with the exception
> of the case mentioned above) the only time this ruleset should cause
> someone to receive a bounce from their local MTA is when they have sent
> a genuine message which happens to use that subject. In this scenario I
> think it is appropriate to issue a 550 response rather than silently
> dropping the mail.
I stand corrected.
Dustin
--
Dustin Baer
Unix Administrator/Postmaster
Information Handling Services
15 Inverness Way East
Englewood, CO 80112
303-397-2836