Jerry Shenk schrieb: > > Ya know, I thought it was just a coincidence but I saw some instances of > this going through our mail scanner and it seemed like it might have > gone through a secondary MX also. We hadn't really dug into it but > seeing somebody else mentioning it does make it look like it may be a > design issue. I'm gonna dig into this a little more. > > -----Original Message----- > From: att13543 [mailto:skidat_private] > Sent: Monday, August 04, 2003 9:54 AM > To: incidentsat_private > Subject: RE: WORM_MIMAIL.A Anyone have any info on what this does yet? > > I'd be interested if anyone can correlate what I've seen: we have 2 MX > records, one weighted at 10 (primary) and one at 20 (secondary). Of the > 200 or so MiMail's we've seen 100% have come through our SECONDARY mail > server. Maybe the SMTP engine was written poorly, or maybe it was this > way on purpose? Most of the SPAM i receive, comes by my secondary MX. The reason is simple: The secondary MX in most cases can not do receiver verification the same way a primary can. So SPAM can't be rejected at SMTP time. Torsten --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Aug 04 2003 - 09:32:40 PDT