|
Sender: |
|
Subject: |
|
From: |
|
Date: |
Sun, 1 Feb 2004 22:31:34 -0600 |
Content-Type: |
text/plain |
MIME-Version: |
1.0 |
Reply-To: |
|
You say "Yes, the list was send=owner" like that gives you some kind of
protection. If the list is not send=whatever,confirm then you only get a
false sense of security. Spoofing is becoming a major tactic of spammers
and virus authors. A spoofed owner's address will go right through such a
list. And most anti-virus software will only protect after a virus is
created, distributed, detected, diagnosed and an anti-virus solution is
created and distributed. There is a significant period at the beginning of
the life of a particular virus strain that it can spread almost un-impeded.
-----Original Message-----
From: Valdis Kletnieks [mailto:[log in to unmask]]
Sent: Saturday, January 31, 2004 12:27 AM
To: [log in to unmask]
Subject: Re: Repercussion of Viruses?
And make sure that your Listserv box is *really* "behind" the A/V software.
I just finished getting burnt (to the tune of at least 2.6 million RCPT TO
on one list alone - 50K+ subscribers, and 45 or so things that made it
through before our A/V got a pattern) pretty bad by this. (And yes, the
list was send=owner. Guess what spoofed From: we got by sheer bad luck. ;)
Discovered that although the MX for our Listserv box pointed at our 4
Mirapoint front-ends, that we'd still blindly accept unscanned mail from
machines that ignored the MX and connected directly to the IP address and
port 25. Whoops. ;) The borked firewalling ruleset has been fixed.
|
|
|