[Mimedefang] Accuracy of infected IP in mdlog

Malcolm Valentine mvals at tech2u.com.au
Mon May 17 09:49:48 EDT 2004


On Mon, 2004-05-17 at 17:14, Jerome Tytgat wrote:
<snipped>
> no, but I wonder what is the best :
> - telling the last relay is the spammer/infected computer
>     which is wrong at 95% when there's several relays

Jerome,

  If all networks had (a) administrators and (b) these admins
cared about spam/viruses, they would have taken the several easy steps
required to ensure such unwanted traffic did not originate from (or
relay through) their networks. Ditto for your friends.

  Unless your friends/associates are sending from fixed IPs, identifying
an infected email sent from them is next to impossible.

  Identifying infected emails sent from your own internal networks is
trivial, as you've probably already discovered.

  Spending extra time trying to identify and automatically notify
external sources is unlikely to give you the results you want. Unless
you want to read even more bounce messages ...

Regards,
Malcolm V.

PS: Yes, I'm in a grumpy mood, it took me three hours to get home from
work today :(


