Viruses from one IP - trend?
Denis Beauchemin
Denis.Beauchemin at USHERBROOKE.CA
Wed Jun 23 16:55:57 IST 2004
Frank Louwers wrote:
>On Wed, Jun 23, 2004 at 11:43:04AM -0400, Matthew K Bowman wrote:
>
>
>>1. blacklisted their IP forcing the email to be tagged as {SPAM?} and
>>spam action to delete
>>2. put their IP in /etc/mail/access with 'DENY'
>>
>>
>
>Another thing to note about this nasty virus is that it ignores the MX
>records for a domain. If it wants to hit foo at bar.tld, it tries to
>connect directly to port 25 of bar.tld, even if bar.tld has MX records.
>
>This kinda sucks when you have a smtpd without mailscanner running on
>bar.tld (eg because it is your webserver).
>
>So time to check those firewall rules or to make sure there is no
>listening smtpd on your webservers...
>
>
That's the reason I like Red Hat's sendmail in recent releases (from RH9
on, I think): by default sendmail only listens to 127.0.0.1.
Denis
--
_
°v° Denis Beauchemin, analyste
/(_)\ Université de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x2252 F: 819.821.8045
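
Added example, not part of the original thread: a check for the exposure discussed above, an SMTP listener on a host (such as a webserver) bound to anything other than loopback. It assumes Linux `ss -H -ltn` output; the sample lines and function names are constructed for illustration.

```python
import ipaddress

SMTP_PORT = 25

# Constructed sample of `ss -H -ltn` output (not from the original post).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 10 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 10 192.0.2.10:25 0.0.0.0:*
LISTEN 0 10 [::1]:25 [::]:*
LISTEN 0 10 [::]:25 [::]:*
LISTEN 0 128 127.0.0.1:2525 0.0.0.0:*
"""


def split_local(field):
    """Split the Local Address:Port column into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop brackets and %iface scope
    return host, int(port)  # assumes numeric ports, i.e. ss was run with -n


def is_loopback(host):
    """True only for addresses reachable from this machine alone."""
    if host == "*":  # ss prints * for a dual-stack wildcard bind
        return False
    return ipaddress.ip_address(host).is_loopback


def exposed_smtp_listeners(ss_output, port=SMTP_PORT):
    """Return local addresses listening on `port` that are not loopback."""
    exposed = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # skips blank lines and the header if -H was omitted
        host, lport = split_local(cols[3])
        if lport == port and not is_loopback(host):
            exposed.append(cols[3])
    return exposed


if __name__ == "__main__":
    for addr in exposed_smtp_listeners(SAMPLE_SS_OUTPUT):
        print("SMTP reachable from the network:", addr)
```

On a live host, pass the captured output of `ss -H -ltn` to `exposed_smtp_listeners` instead of the sample; an empty result means port 25 is bound to loopback only or not at all.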