Viruses from one IP - trend?

Frank Louwers frank at OPENMINDS.BE
Wed Jun 23 16:51:03 IST 2004


On Wed, Jun 23, 2004 at 11:43:04AM -0400, Matthew K Bowman wrote:
>
> 1. blacklisted their IP forcing the email to be tagged as {SPAM?} and
> spam action to delete
> 2. put their IP in /etc/mail/access with 'DENY'

Another thing to note about this nasty virus is that it ignores the MX
records for a domain. If it wants to hit foo at bar.tld, it tries to
connect directly to port 25 of bar.tld, even if bar.tld has MX records.

This kinda sucks when you have an smtpd without MailScanner running on
bar.tld (e.g. because it is your webserver).

So time to check those firewall rules or to make sure there is no
listening smtpd on your webservers...

Kind Regards,
Frank Louwers

--
Openminds bvba                www.openminds.be
Tweebruggenstraat 16  -  9000 Gent  -  Belgium
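
One way to run the check suggested above, as an added example that is not part of the original post: for each domain, find addresses of the bare domain name that accept connections on port 25 but are not one of its MX hosts. The MX host list is supplied by the operator (the standard library has no MX lookup), and the domain names, addresses and `sample_*` helpers are constructed so the demo runs offline.

```python
import socket

# Constructed sample data (documentation addresses) standing in for DNS and the network.
SAMPLE_DNS = {
    "bar.example": ["192.0.2.10"],      # bare domain points at the web server
    "mx1.bar.example": ["192.0.2.25"],  # MX host, where the mail scanner runs
    "foo.example": ["192.0.2.40"],      # bare domain is its own MX
}
SAMPLE_OPEN_25 = {"192.0.2.10", "192.0.2.25", "192.0.2.40"}

def sample_resolve(name):
    """Offline stand-in with the return shape of socket.gethostbyname_ex."""
    if name not in SAMPLE_DNS:
        raise socket.gaierror(f"no such host: {name}")
    return (name, [], SAMPLE_DNS[name])

def sample_probe(addr):
    return addr in SAMPLE_OPEN_25

def addresses(name, resolve):
    """IPv4 addresses for a name; empty set if it does not resolve."""
    try:
        return set(resolve(name)[2])
    except OSError:
        return set()

def smtp_listening(addr, port=25, timeout=3.0):
    """Live probe: True if a TCP connection to port 25 is accepted."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(domain, mx_hosts, resolve=socket.gethostbyname_ex, probe=smtp_listening):
    """Addresses of the bare domain that accept SMTP but are not an MX host."""
    mx_addrs = set()
    for host in mx_hosts:
        mx_addrs |= addresses(host, resolve)
    bare = addresses(domain, resolve)
    return sorted(a for a in bare - mx_addrs if probe(a))

def demo():
    zones = {"bar.example": ["mx1.bar.example"], "foo.example": ["foo.example"]}
    return {d: audit(d, mx, sample_resolve, sample_probe) for d, mx in zones.items()}

if __name__ == "__main__":
    for domain, exposed in demo().items():
        print(domain, "unscanned SMTP listeners:", exposed or "none")
```

Calling `audit(domain, mx_hosts)` without the last two arguments uses real DNS and a live connection attempt to port 25, so run it from outside the firewall to see what a remote sender sees.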
