Re: [Exim] Blocking sobig 'I Blocked sobig' messages

Hi Russell!

> With that in place, I see the following in my logs:

> 2003-08-20 23:31:52 19pbUe-0001XX-Mz <= xxxxxxxx@???
> H=xxxxxxx.gotadsl.co.uk (FEARLESSJUDY) [xxx.xxx.xxx.xxx] P=esmtp S=915
> 2003-08-20 23:31:52 19pbUe-0001XX-Mz => blackhole (DATA ACL discarded
> recipients)

> In all likely event, the guy at hotmail didn't send the message from
> gotadsl.co.uk, so causing a bounce message to be sent to hotmail just
> adds to the overall problem.

Please keep in mind that what you see is the worm connecting to your
MTA from xxxxxxx.gotadsl.co.uk. It doesn't matter if you reject or
discard the message at DATA time, because the worm is unlikely to
generate a bounce message to its own forged return address. Or does
it?

Andy