- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- w32\sobig impact on mail servers, clients
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-21-2003 07:52 AM
тАО08-21-2003 07:52 AM
w32\sobig impact on mail servers, clients
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-21-2003 07:55 AM
тАО08-21-2003 07:55 AM
Re: w32\sobig impact on mail servers, clients
I think you've probably pretty well summed it up! Is there anything else you'd like to discuss about it?
;^)
Pete
Pete
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-21-2003 08:17 AM
тАО08-21-2003 08:17 AM
Re: w32\sobig impact on mail servers, clients
I'm interested in whether my experience with this is in proportion to what others have seen, how much impact the "side-effect" messages have had (imagine sending notifications to "From:" addresses on virus messages--they've been 99% forged for a year or two), and what kinds of techniques have been used to manage the side effects. I have a rather ham-handed script that looks for the tell-tale "Re: blah-blah" subject lines in the queue and whisks them to quarantine once per minute. Since I'm also running Sophos mailscanner, there's enough of a delay between sendmail sweeps that I catch most of them.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-21-2003 08:50 AM
тАО08-21-2003 08:50 AM
Re: w32\sobig impact on mail servers, clients
For forgeries, add this to your sendmail.cf:
SIsYahoo
R$* yahoo.com $* $@ OK
R$* $#error $: "550 Access Denied. Forgeries are disallowed."
SLocal_check_mail
R$* yahoo.com $* $: $>IsYahoo $&{client_name}
Do that for all you want...see attachment for mine.
Rgds...Geoff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-21-2003 09:22 AM
тАО08-21-2003 09:22 AM
Re: w32\sobig impact on mail servers, clients
Aug 21 10:38:40 myserver1 sendmail[19313]: h7LHceVQ019313: ruleset=check_rcpt, arg1=
Aug 21 10:38:40 myserver1 sendmail[19313]: h7LHceVQ019313: from=<>, size=3106, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=pop1.mail.iamworld.net [204.91.241.67]
I reject all email sent to my domain except for those id's that do exist....
Problem is, it's against the RFC to block from=<>
Sigh....meanwhile, my server wastes cpu cycles....
Rgds...Geoff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-21-2003 09:27 AM
тАО08-21-2003 09:27 AM
Re: w32\sobig impact on mail servers, clients
Interestingly enough, I usually end up biting my cheek far more than my tongue. Go figure!
I'm somewhat removed from the whole mail process - my network boys have that little bundle of joy to deal with. I can tell you that they run Lotus Notes/Domino and have a dedicated server (running the whole Sweeper suite from Content Technologies) that filters and virus scans everything. My network guy said "about 150 per day this week". Makes me wonder why his count is so much lower than yours.
Pete
Pete
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-21-2003 12:09 PM
тАО08-21-2003 12:09 PM
Re: w32\sobig impact on mail servers, clients
I don't know about your scaling, but we have about 8500 e-mail accounts. On a normal day, I'll have about 200-500 virus "hits" on 20-25K received messages, and reject an additional 5-7K messages for spam characteristics, not counted in the 20-25K.
What's astonished me is the number of mail/firewall admins who have their virus scanners to send notifications to what are almost certainly forged addresses. Glad you have "network boys" to handle this for you--I'm the manager, chief technical architect, and lead mental health counselor for 10 people who support everything from desktops to the servers to the ATM switches. And, unfortunately, I understand the TCP/IP application layer protocols and their relationships better than any of them, so I generally end up doing the ad hoc mail combat in a situation like this.