SOBER-I
Alan Cragg - Lists
acragg-lists at CTF.COM
Tue Nov 23 20:20:56 GMT 2004
If I don't block it I get about 5,000 infected mails/day.
Alan Cragg
I.T. Manager
9 Burbidge Street tel: (604) 472-2412
Coquitlam BC fax: (604) 472-2345
Canada V3K 7B2 pager: (604) 622-3370
acragg at vsmmedtech.com
http://www.vsmmedtech.com/
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of James R. Stevens
Sent: Tuesday, November 23, 2004 12:18 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: SOBER-I
Since 11/19/2004 we have seen 40+ of the Sober-I. We process around 1000
emails on any given day. They seems to come from only 3 source IP's. We
are the Primary MX for the domain and are handling the amount of Viruses
just fine.
How many messages do you process per day?
-----Original Message-----
From: Kevin Miller [mailto:Kevin_Miller at CI.JUNEAU.AK.US]
Sent: Tuesday, November 23, 2004 2:05 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: SOBER-I
Alan Cragg - Lists wrote:
>
> Does anyone know of a better way to block this without having to block
> our secondary mail server?
> Is it a performance tuning issue? We are using MailScanner 4.35.11 and
> Sophos AV, not SAVI, and SA 3.0.1.
Had a similar situation a while back. Instead of blocking my secondary,
I
used the access table in it's sendmail to drop inbound connections from
the
offending IP. That way, I could continue to receive valid email on the
secondary from elsewhere but not plug the queues with virus laden
emails. I
had the advantage, of course, of owning our secondary.
Do you have shell access to the secondary? If not, I'd try to get your
ISP
to block that address.
I also notified the sender's ISP so they could notify the owner of the
infected machine.
Good luck...
...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
--
This message has been scanned for viruses and
dangerous content by Athens Hyperion Scanner, and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content by Athens Hyperion Scanner, and is
believed to be clean.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
CONFIDENTIALITY NOTICE.
The information contained in this communication is confidential and/or
proprietary business or technical data. If you are not the intended
recipient, you are hereby notified that any use, dissemination, copying
or distribution of this communication is strictly prohibited. If you
have received this communication in error, please immediately notify us by
telephone (604) 472-2300, or electronically by return message, and
delete or destroy all copies.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list