Re: [Exim] Blocking sobig.f

Top Page
Delete this message
Reply to this message
Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: Re: [Exim] Blocking sobig.f
On Sun, 24 Aug 2003, David Woodhouse wrote:

> mail loop waiting to happen. Report this to them and to the abuse
> contact at their network provider.


Who's the network provider for *.army.mil? We got a load of those.

NAVMSE-EURCLS01-MAIL@??? ,
NAVMSE-RIACLS01MAIL@??? ,
NAVMSE-NH-33015-EXCH02@???

(do we see a pattern developing here? Looks like the real blame lies
with the software they're using, no?)

> I generally point out that further instances of this abuse will be
> considered a deliberate denial-of-service attack and will be treated
> accordingly.


I'm sure that'll have the US army quaking in their boots, along with
Mailsweeper@??? , JENSVirusCheckService@??? and a couple of
dozen more that went into our blacklist (including a fair-sized batch
of postmaster@... addresses which appeared as envelope-sender).

So yes, I'm sure we'd all agree on the principle, but sometimes it's a
bit hard to put it into practice.

cheers