Re: [Exim] MyDoom filtering?

Author: David Woodhouse
Date:  
To: Exim Users' Mailing List
Subject: Re: [Exim] MyDoom filtering?
On Tue, 2004-01-27 at 20:21 -0500, Greg A. Woods wrote:
> It might be worthwhile campaigning one or more of the current DNSBL
> operators to consider adding a blacklist for those who either bounce
> viruses or who defang them and then deliver the notice on in such a way
> that the recipient can't recognize them for what they were.


That's a useful idea.

In the meantime I'm severely tempted to observe that the cluelessness in
thinking it's appropriate to send a _response_ to these messages is
often associated with cluelessness in selecting the address to send the
response to, and cluelessness in responding to bounces...

I'm half tempted to start sending the offending servers messages
ostensibly from one of their own users, with an EICAR test string in the
body and/or the subject (in the hope that it'll be more likely to be
quoted in the response). With a bit of luck they'll be broken in more
than the obvious way, and they'll mailbomb themselves to death. :)

> This new mess has created so much noise for me that I'm getting close to
> wanting to outright block any and all sites which can't reject unknown
> recipients at SMTP time.


That's a little excessive to be useful in the general case -- it's like
checking for pedantically correct reverse DNS; too many people find it
too hard to make it work, especially for backup MX servers. Yes, in an
ideal world it'd be great. Some of us have to live in the real world
though.

--
dwmw2