Sober (Was Re: [Mimedefang] code 421 and filter_sender)

Mike Batchelor mike at batch.com
Tue Dec 6 22:05:55 EST 2005


On 12/6/05, Paul Whittney <pwhittney at net.arrivetech.com> wrote:
> Remember, the reason the emails are knocking on your
> server's door is that an infected machine has your user's email address
> somewhere on their system (okay, that's a bit too simple, as it could be
> going through cached/saved files looking for emails, but still..).
>
> Do it nicely, and not by saying "hey, you're infected, stop it!". Offer
> logs, if needed. What do you get out of it? Less infected emails! Isn't
> that the point? Deal with the problem, not the symptom. It's like Dshield
> for emails ;-P

Oops, I wanted to reply to this, too, but forgot to quote it!

My company's MDSA servers receive about 400-500 worms a minute.  It is
not practical for me to follow up on them in the way you propose.  I
used to do that, but there is just too much volume now.  My main
concern is keeping them away from our users, and not causing NDR
backscatter if I can help it.



