This may explain why I haven't seen the virus come knocking at our mail server (nope, not one). We only have a primary MX (10) set up and pentiary (50) mail relay upstream which is maintained by our provider. Curious... John -----Original Message----- From: Jerry Shenk [mailto:jshenkat_private] Sent: Monday, August 04, 2003 11:43 AM To: incidentsat_private Subject: RE: WORM_MIMAIL.A Anyone have any info on what this does yet? Ya know, I thought it was just a coincidence but I saw some instances of this going through our mail scanner and it seemed like it might have gone through a secondary MX also. We hadn't really dug into it but seeing somebody else mentioning it does make it look like it may be a design issue. I'm gonna dig into this a little more. -----Original Message----- From: att13543 [mailto:skidat_private] Sent: Monday, August 04, 2003 9:54 AM To: incidentsat_private Subject: RE: WORM_MIMAIL.A Anyone have any info on what this does yet? I'd be interested if anyone can correlate what I've seen: we have 2 MX records, one weighted at 10 (primary) and one at 20 (secondary). Of the 200 or so MiMail's we've seen 100% have come through our SECONDARY mail server. Maybe the SMTP engine was written poorly, or maybe it was this way on purpose? _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Aug 05 2003 - 15:44:20 PDT