Re: [Exim] Blocking sobig 'I Blocked sobig' messages

Author: Russell King
Date:  
To: Andreas J Mueller
CC: exim-users
Subject: Re: [Exim] Blocking sobig 'I Blocked sobig' messages
On Thu, Aug 21, 2003 at 08:24:10PM +0200, Andreas J Mueller wrote:
> Hi Russell!
>
> > With that in place, I see the following in my logs:
>
> > 2003-08-20 23:31:52 19pbUe-0001XX-Mz <= xxxxxxxx@???
> > H=xxxxxxx.gotadsl.co.uk (FEARLESSJUDY) [xxx.xxx.xxx.xxx] P=esmtp S=915
> > 2003-08-20 23:31:52 19pbUe-0001XX-Mz => blackhole (DATA ACL discarded
> > recipients)
>
> > In all likelihood, the guy at hotmail didn't send the message from
> > gotadsl.co.uk, so causing a bounce message to be sent to hotmail just
> > adds to the overall problem.
>
> Please keep in mind that what you see is the worm connecting to your
> MTA from xxxxxxx.gotadsl.co.uk. It doesn't matter if you reject or
> discard the message at DATA time, because the worm is unlikely to
> generate a bounce message to its own forged return address. Or does
> it?


Good point. However, if it comes via another MTA, it will cause a bounce
to be sent to some poor unsuspecting individual who is probably already
pulling their hair out trying to keep the stuff out of their system...

--
Russell King (rmk@???)                The developer of ARM Linux
             http://www.arm.linux.org.uk/personal/aboutme.html
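An added example, not part of the original message: the thread turns on whether a discarded message came straight from an infected host or via another MTA, and the Exim main log records enough to check that per message. The sketch below pairs each `<=` arrival line with its `=> blackhole (DATA ACL discarded recipients)` line and flags the connecting host. The sample log lines, the function name `discarded_sources` and the "HELO without a dot means a bare machine name" heuristic are assumptions made for this illustration.

```python
import re

# Arrival line: "<date> <time> <id> <= <sender> H=<host> (<helo>) [<ip>] ..."
# The "(<helo>)" part is absent when HELO matches the verified host name, and
# <host> is absent when no name was verified, so both parts are optional here.
ARRIVAL = re.compile(
    r"^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+).*? H=(?P<host>[^\s(\[]+)?"
    r"\s*(?:\((?P<helo>[^)]*)\))?\s*\[(?P<ip>[^\]]+)\]"
)
# Discard line in the form shown in the quoted log.
DISCARD = re.compile(
    r"^\S+ \S+ (?P<id>\S+) => blackhole \(DATA ACL discarded recipients\)"
)

# Constructed sample log (documentation addresses, made-up message ids).
SAMPLE_LOG = """\
2003-08-20 23:31:52 19pbUe-0001XX-Mz <= forged@example.com H=dsl1.example.net (FEARLESSJUDY) [192.0.2.10] P=esmtp S=915
2003-08-20 23:31:52 19pbUe-0001XX-Mz => blackhole (DATA ACL discarded recipients)
2003-08-20 23:32:40 19pbVQ-0001Xa-1B <= forged@example.com H=mail.example.org [198.51.100.7] P=esmtp S=1021
2003-08-20 23:32:40 19pbVQ-0001Xa-1B => blackhole (DATA ACL discarded recipients)
2003-08-20 23:33:10 19pbVu-0001Xb-2K <= friend@example.org H=mx.example.org [203.0.113.5] P=esmtp S=2048
2003-08-20 23:33:11 19pbVu-0001Xb-2K => user <user@example.net> R=localuser T=local_delivery
""".splitlines()


def discarded_sources(lines):
    """Return one record per message that arrived by SMTP and was blackholed."""
    arrivals, out = {}, []
    for line in lines:
        m = ARRIVAL.match(line)
        if m:
            arrivals[m["id"]] = m.groupdict()
            continue
        m = DISCARD.match(line)
        if m and m["id"] in arrivals:
            rec = arrivals.pop(m["id"])
            helo = rec["helo"] or rec["host"] or ""
            # Heuristic (assumption): a HELO with no dot is a bare machine name,
            # i.e. the infected host itself; a dotted HELO may be another MTA,
            # which would bounce to the forged sender if we rejected instead.
            rec["likely_direct"] = "." not in helo
            out.append(rec)
    return out


if __name__ == "__main__":
    for r in discarded_sources(SAMPLE_LOG):
        kind = "direct from host" if r["likely_direct"] else "possibly via another MTA"
        print(r["id"], r["ip"], r["helo"] or r["host"], kind)
```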