Warning about dns-setup

Roald Amundsen roald.amundsen at BRIKKEN.NO
Mon Jun 14 18:15:51 IST 2004


Up until now I have used this method to relay mail for customers:

in zone-file:
@       IN      MX      10      mailscanner-machine
mail    IN      A       ip.add.re.ss

and in mailertable
domain.com              smtp:[mail.domain.com]

Well, it seems this was pretty stupid as some of the newest viruses
don't bother about looking up any mx-records, they just send to the
server named mail.domain.com, if that server doesn't exist they just
drop the address..

Luckily many of the customers were set up with firewalls closed for
anything but the mailscanner-machine, but still a bunch of viruses got
through to other setups. Specifically the Zafi virus, because probably
for the first time someone made a virus that sent a norwegian message to
norwegian addresses. Of course you click on a message that says
something about beautiful roses ;)

This is just a warning to everyone else, if you use a setup like this,
fix it before......

--
Mvh Roald Amundsen

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html



More information about the MailScanner mailing list