2 MX Servers not Receiving Same Viruses

Patrick Cossette pcossette at AEI.CA
Fri Mar 19 03:57:42 GMT 2004


Another possibility: some viruses don't target the MX servers but they
target servers based on their name, e.g. mail.domain.com or smtp.domain.com
or mx.domain.com, etc.

----- Original Message -----
From: "mikea" <mikea at MIKEA.ATH.CX>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Thursday, March 18, 2004 5:48 PM
Subject: Re: 2 MX Servers not Receiving Same Viruses


> On Thu, Mar 18, 2004 at 03:32:33PM -0700, Daniel Straka wrote:
> > Hello List,
> >
> >   I'm Dan Straka, I work at Casper College in Casper, WY (USA),
> > www.caspercollege.edu. I've got my first question for the list.
> >
> > I've got 2 MX servers (with different cost values in DNS) and the viruses
> > being intercepted by Sophos on these machines are not the same. For
> > instance, one is receiving Netsky and Bagle variations but the other one
> > is not. On the opposite machine, it's receiving Mymail and Sefex
> > variations but the other does not. I thought this is a bit strange.
> >
> > Question, does this have to do with the MX cost value being different in
> > DNS, or are the machines being targeted differently by the virused email?
>
> Some ratware deliberately targets the highest-value MX, other ratware
> just goes for the lowest. I suspect that the thinking behind going for
> the most expensive is that it probably is a fallback server not under
> the direct control of the mailadmin, but configured and maintained for
> him/her by someone else -- not uncommonly in another organization --
> and hence may not have all the filters, up-to-date access list or
> equivalent, and so on.
>
> --
> Mike Andrews
> mikea at mikea.ath.cx
> Tired old sysadmin
>
>
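
Added example (not part of the original posts): one way to check both explanations in this thread against your own scanner logs, by labelling each receiving host as primary MX, backup MX, or a name that is not an MX at all, and listing the virus families seen only on that host. The hostnames, preference values and detection rows are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample data (not from the thread): MX records as
# (preference, host) and scanner hits as (receiving host, virus family).
MX_RECORDS = [(10, "mx1.example.edu"), (20, "mx2.example.edu")]
DETECTIONS = [
    ("mx1.example.edu", "Netsky"), ("mx1.example.edu", "Bagle"),
    ("mx1.example.edu", "Netsky"), ("mx2.example.edu", "Mymail"),
    ("mx2.example.edu", "Sefex"), ("mx2.example.edu", "Bagle"),
    ("mail.example.edu", "Mymail"),
]


def host_roles(mx_records):
    """Label each MX host: lowest preference value is primary, rest backup."""
    lowest = min(pref for pref, _ in mx_records)
    return {host.lower(): "primary" if pref == lowest else "backup"
            for pref, host in mx_records}


def exclusive_families(detections):
    """Map each host to the families that were seen on that host only."""
    seen = defaultdict(set)
    for host, family in detections:
        seen[host.lower()].add(family)
    result = {}
    for host, families in seen.items():
        others = set().union(*(f for h, f in seen.items() if h != host))
        result[host] = sorted(families - others)
    return result


def report(mx_records, detections):
    """Return (host, role, exclusive families) rows, sorted by host name."""
    roles = host_roles(mx_records)
    rows = []
    for host, families in sorted(exclusive_families(detections).items()):
        # A host with hits but no MX record for this domain was not
        # selected through the domain's MX lookup.
        rows.append((host, roles.get(host, "not-an-MX"), families))
    return rows


if __name__ == "__main__":
    for host, role, families in report(MX_RECORDS, DETECTIONS):
        print(f"{host:20} {role:10} only here: {', '.join(families) or '-'}")
```

Families that show up only on the backup MX, or on a host that has no MX record, are the ones worth comparing against that host's filter and signature configuration.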


