[Exim] Blocking sobig 'I Blocked sobig' messages

Startseite
Nachricht löschen
Nachricht beantworten
Autor: jvanasco
Datum:  
To: exim-users
Betreff: [Exim] Blocking sobig 'I Blocked sobig' messages
So yes. We've discussed blocking sobig at length today.

Now lets discuss the #2 threat to my email.

The unending barrage of MTA errors that sobig causes from spoofed from
addresses.

So far, I've gotten
    23 from AOL's Mail Delivery Subsytem - for user unknown or mailbox
full (70k a pop -- i can't believe i'm not getting more)
    3 in Czech(?) screaming "!!! POZOR !!!" because "ANTIVIRUS SYSTEM
FOUND VIRUSES"
    1 from "Sender, InterScan has detected virus(es) in your e-mail
attachment." - originating in italy


And a bunch of other ones that aren't as colorful -- just to my
spamtrap address.

Does anyone have an idea of what to do?

It makes me think into the future -- it would be kinda nice if MTA's
kept a DB of outgoing mails -- keys are ids, values are recipients.
The DB would flush values 72hrs or older. When the MTA receives a
reject bounceback, it would check to see if it actually sent that
message. If so -- relay the error to the sender. If not, the message
is a virusspoof or joejob, and it can just dev/null it. (or is this
just a bad idea?)

in any event, anyone have ideas for today?