Re: [Exim] W32/Sircam worm

Top Pagina
Delete this message
Reply to this message
Auteur: Suresh Ramasubramanian
Datum:  
Aan: 'exim-users@exim.org'
Onderwerp: Re: [Exim] W32/Sircam worm
Phillips, Alan [exim-users] <25/07/01 11:23 +0100>:
> Does anyone know how the SMTP engine in SirCam actually works? Does it simply
> try to find an A record for the target domain, or is it smart enough to do MX
> lookups? Or does it do something like assume a machine called "mail" in the
> default domain is a smarthost?


I haven't analyzed it - but smtp engine or not, it seems to just deliver to
the user's smarthost / smtp server for forwarding.

I haven't seen too many direct to MX connections from my luzers, most of whom
have got themselves infected, despite dire threats of bodily harm from us
long suffering admins :)

    -suresh


--
Suresh Ramasubramanian <--> mallet <at> efn <dot> org
EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin