Re: [Exim] Blocking sobig.f

Top Page
This message is part of the following thread:
M+----+\the complete thread tree sorted by date
MM+-+\MMDavid Woodhouse at <-
MMM\MMMMDavid Saez at ->
Delete this message
Reply to this message
Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: Re: [Exim] Blocking sobig.f
On Sun, 24 Aug 2003, David Woodhouse wrote:

> mail loop waiting to happen. Report this to them and to the abuse
> contact at their network provider.

Who's the network provider for *.army.mil? We got a load of those.

NAVMSE-EURCLS01-MAIL@??? ,
NAVMSE-RIACLS01MAIL@??? ,
NAVMSE-NH-33015-EXCH02@???

(do we see a pattern developing here? Looks like the real blame lies
with the software they're using, no?)

> I generally point out that further instances of this abuse will be
> considered a deliberate denial-of-service attack and will be treated
> accordingly.

I'm sure that'll have the US army quaking in their boots, along with
Mailsweeper@??? , JENSVirusCheckService@??? and a couple of
dozen more that went into our blacklist (including a fair-sized batch
of postmaster@... addresses which appeared as envelope-sender).

So yes, I'm sure we'd all agree on the principle, but sometimes it's a
bit hard to put it into practice.

cheers


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] Blocking sobig.fRe: [Exim] Block user-at-domain.tld file list->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)