
trainedmonkey

by Jim Winstead Jr.

August 19, 2003 archives

virus-checking mail servers

having a mail server that checks your incoming (and outgoing!) mail for viruses is a very good thing.

having a mail server that sends bounce messages in response to viruses that are known to forge the message sender is a very, very bad thing.

as far as i can tell, i have received exactly zero copies of the latest sobig virus today because it has been blocked by various mail filters doing their job (mostly the klez_filter plugin for qpsmtpd). i have, however, received hundreds of bounce messages from mail servers as the result of the damn thing.

(by way of stats, my mail server rejected 42 mails with the klez_filter plugin. the lists.mysql.com server rejected 2377. i wish i had a little more time to play with tuning the spam filters on both machines, because the cat-and-mouse nature of it can be entertaining, but i unfortunately have better things to do.)

» Tuesday, August 19, 2003 @ 7:54pm

viruses that spoof the sender address

the register hints at the chaos caused by auto-responding to viruses that spoof the sender, and jupitermedia got hit especially hard because it also uses admin@internet.com.

sobig's built-in smtp server appears to get tripped up by the check_earlytalker plugin for qpsmtpd.

to deal with some of the worm-induced bounces hitting lists.mysql.com, i implemented a simple check_badbounceto plugin to identify addresses that should not receive bounces because they don't send mail. it seems to have been fairly effective.
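the idea behind a check like check_badbounceto, as an added example (this is not the plugin's code and not from the original post): at RCPT time, refuse bounce messages addressed to recipients that never send mail. the address list, reply texts, function names and session transcripts are constructed, and treating `mailer-daemon@` senders as bounces is a heuristic assumed here.

```python
import re

# Constructed list: addresses that receive mail but never send any, so a
# bounce addressed to them can only be backscatter from a forged sender.
NO_BOUNCE_TO = {"announce@lists.example.com", "admin@example.com"}

# Matches the envelope commands; anything after ">" (e.g. SIZE=) is ignored.
_PATH = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.IGNORECASE)

def parse_path(line):
    """Return (verb, lowercased address) for MAIL FROM / RCPT TO, else None."""
    m = _PATH.match(line.strip())
    if not m:
        return None
    # Assumption: compare addresses case-insensitively, local part included.
    return m.group(1).upper(), m.group(2).lower()

def is_bounce(sender):
    # A real bounce uses the null reverse-path "<>". Also counting
    # mailer-daemon@ senders is a heuristic assumed for this example.
    return sender == "" or sender.split("@")[0] == "mailer-daemon"

def review_session(lines, no_bounce_to=NO_BOUNCE_TO):
    """Return (recipient, SMTP reply) for each RCPT TO in a transcript."""
    sender, replies = None, []
    for line in lines:
        parsed = parse_path(line)
        if parsed is None:
            continue  # EHLO, DATA, etc. are irrelevant to this check
        verb, addr = parsed
        if verb == "MAIL FROM":
            sender = addr
        elif sender is None:
            replies.append((addr, "503 need MAIL before RCPT"))
        elif is_bounce(sender) and addr in no_bounce_to:
            # Rejecting inside the SMTP session generates no new bounce.
            replies.append((addr, "550 address sends no mail, bounce refused"))
        else:
            replies.append((addr, "250 ok"))
    return replies

# Constructed transcripts (client side only).
SESSION_BOUNCE = ["EHLO mx.example.net", "MAIL FROM:<> SIZE=2048",
                  "RCPT TO:<Announce@Lists.Example.com>",
                  "RCPT TO:<jane@example.com>"]
SESSION_NORMAL = ["mail from:<bob@example.org>",
                  "RCPT TO:<announce@lists.example.com>"]

if __name__ == "__main__":
    for rcpt, reply in review_session(SESSION_BOUNCE + SESSION_NORMAL):
        print(rcpt, "->", reply)
```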

» Wednesday, August 20, 2003 @ 5:01pm

Dedicated to the public domain by Jim Winstead Jr.