Re: [Exim] MyDoom filtering?

Author: David Woodhouse
Date:  
To: Chris Edwards
CC: Exim-users
Subject: Re: [Exim] MyDoom filtering?
On Sat, 2004-01-31 at 13:22 +0000, Chris Edwards wrote:
> | The ones with Message-ID have probably gone through an intermediate
> | server -- possibly an MX backup on the receiving side, or an outgoing
> | smarthost on the sending side. That intermediate box could send a
> | bounce.


> There too aren't many of those.


This is my experience too -- but Matthew reported that blocking messages
without Message-ID 'caught only a small number of cases' though. I'm not
really sure why; I suspect his incoming mail comes through a box which
adds its own Message-ID, perhaps. Looking at the hostname in the
Message-ID of the offending messages, and at the Received: headers,
would shed some light on the reason.

> ALSO, note that due to basic relay restrictions, the relaying MTA here is
> not an innocent party for another reason - it *must* be the smarthost of
> the ISP providing network service to the infected PC.


Unless it's on your own _incoming_ path. Many people have MX backups
which are a lot more permissive than the primary.

In fact, it occurs to me that on my home box I'm also bouncing messages
with Message-ID matching @punt-[0-9].mail.demon.net, because Demon
insist on having the MX records for my dialup machine pointing to their
own servers rather than at mine, and they accept a lot of crap which I
don't want.

--
dwmw2
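
The header check suggested in the message above (compare the hostname in the Message-ID with the Received: chain), sketched as an added example that is not part of the original post or of Exim. The sample messages, hostnames and IDs are constructed, and the `by` host extraction is a simplifying assumption about Received: formatting.

```python
import re
from email import message_from_string

# Pattern quoted in the message above, written here with the dots escaped.
DEMON_PUNT = re.compile(r"@punt-[0-9]\.mail\.demon\.net>?$", re.I)
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
MSGID = re.compile(r"<[^@<>\s]+@([^@<>\s]+)>")


def classify(raw):
    """Return (verdict, host) for a raw RFC 822 message.

    'missing'          no usable Message-ID header
    'relay-added'      Message-ID host is a 'by' host in the Received: chain,
                       so an intermediate MTA stamped it
    'origin-or-forged' host never handled the message according to Received:
    """
    msg = message_from_string(raw)
    m = MSGID.fullmatch((msg.get("Message-ID") or "").strip())
    if not m:
        return ("missing", None)
    host = m.group(1).lower()
    relays = set()
    for hdr in msg.get_all("Received", []):
        by = BY_HOST.search(" ".join(hdr.split()))  # unfold before matching
        if by:
            relays.add(by.group(1).lower().rstrip("."))
    return ("relay-added" if host in relays else "origin-or-forged", host)


def is_demon_punt(raw):
    """True when the Message-ID matches the Demon punt pattern."""
    mid = message_from_string(raw).get("Message-ID") or ""
    return bool(DEMON_PUNT.search(mid.strip()))


# Constructed sample messages (hosts and IDs are made up for illustration).
NO_MSGID = ("Received: from pc.example.org by mx1.example.net with esmtp;\n"
            "\tSat, 31 Jan 2004 13:00:00 +0000\nSubject: hi\n\nbody\n")
VIA_BACKUP_MX = ("Received: from mx2.example.net by mx1.example.net with esmtp\n"
                 "Received: from pc.example.org by mx2.example.net with smtp\n"
                 "Message-ID: <E1AmnXy-0001-00@mx2.example.net>\n\nbody\n")
VIA_DEMON = ("Received: from punt-3.mail.demon.net by home.example.net\n"
             "Received: from pc.example.org by punt-3.mail.demon.net\n"
             "Message-ID: <1075555555.123.0@punt-3.mail.demon.net>\n\nbody\n")

if __name__ == "__main__":
    for name in ("NO_MSGID", "VIA_BACKUP_MX", "VIA_DEMON"):
        print(name, classify(globals()[name]), is_demon_punt(globals()[name]))
```

A `relay-added` verdict on mail that was otherwise expected to lack a Message-ID points at the MX backup or smarthost named in the result as the box that stamped it.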