F-prot update

Kai Schaetzl maillists at CONACTIVE.COM
Sat Mar 6 13:31:32 GMT 2004


Rick Cooper wrote on         Sat, 6 Mar 2004 07:26:40 -0500:

> It's a question of how much is too much. MS is not the only
> player in the virus/spam game. I actually have seen little in
> terms of viruses because they are generally not very rfc
> compliant so they are stopped in the smtp session. When Netsky,
> Bagle, and MyDoom came around I saw/see little of the actual
> virus in my logs what I saw a huge increase in helo rejects
> because the host name was not FQDN ( a lot of names like SAM, or
> Bill, or SERVER), or no Message-Id, etc. The MTA can stop a lot
> of both spam and viruses if you just work on your access lists a
> bit (which is a very easy thing with exim's acls).
>

Indeed, with a little help from RBLs at MTA level, your own access list
specializing in dialup/dynamic ranges and HELO checking you reject almost
all worms (and a lot of spam as well) already at MTA level. At the moment
we need to process only about 10-40% of the mail we get (depending on how
active some mailing lists are :-) because all the rest is bounced. Almost
no viruses seen.


Kai

--

Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org



More information about the MailScanner mailing list