You say "Yes, the list was send=owner" like that gives you some kind of
protection.  If the list is not send=whatever,confirm then you only get a
false sense of security.  Spoofing is becoming a major tactic of spammers
and virus authors.  A spoofed owner's address will go right through such a
list.  And most anti-virus software will only protect after a virus is
created, distributed, detected, diagnosed and an anti-virus solution is
created and distributed.  There is a significant period at the beginning of
the life of a particular virus strain that it can spread almost un-impeded.


-----Original Message-----
From: Valdis Kletnieks [mailto:[log in to unmask]]
Sent: Saturday, January 31, 2004 12:27 AM
To: [log in to unmask]
Subject: Re: Repercussion of Viruses?

And make sure that your Listserv box is *really* "behind" the A/V software.

I just finished getting burnt (to the tune of at least 2.6 million RCPT TO
on one list alone - 50K+ subscribers, and 45 or so things that made it
through before our A/V got a pattern) pretty bad by this.  (And yes, the
list was send=owner.  Guess what spoofed From: we got by sheer bad luck. ;)

Discovered that although the MX for our Listserv box pointed at our 4
Mirapoint front-ends, that we'd still blindly accept unscanned mail from
machines that ignored the MX and connected directly to the IP address and
port 25.  Whoops. ;)  The borked firewalling ruleset has been fixed.