[Mimedefang] Blocking IP #
Chris Gauch
cgauch at digicon.net
Thu May 5 13:07:28 EDT 2005
> --On Thursday, May 5, 2005 12:05 -0400 Chris Gauch <cgauch at digicon.net>
> wrote:
>
> > A particular client of ours has only 5 accounts on his own Sendmail SMTP
> > server and threw out 300,000 instances of Sober.P yesterday. We have
> > thousands of accounts on our server that does about 1 million
> messages/day
> > and we threw out roughly 16,000 Sober.P messages yesterday (which is
> > definitely 100x the amount of viruses that we normally discard on any
> > given day). The client's mail server is running an ancient version of
> > Sendmail and is poorly configured, so I'm sure that has something to do
> > with the number of viruses his server must deal with and discard.
>
>
> We had 250,000 Monday, 490,000 Tuesday, and 452,000 Wednesday.
>
> The distribution of the attack may be strange. This is the largest
> email virus outbreak we have ever seen here, but it's not making the
> news media. Has this become a dog bites man story, or are we really
> getting more than most places?
>
> Anyway it is not because of ancient server software :-)
Are you using greylisting? You definitely have us beat with the instances of
Sober.P that your mail server has encountered. We've seen a huge increase
in the amount of viruses we deal with, but most of these Sober.P's never
make it beyond the 3-second sendmail 8.13.x greet delay or our greylisting
policies. Those who make it beyond that are thrown out with every other
Windows executable that tries to sneak through our filtering cluster...
- Chris
------------------------------------------
Chris Gauch
Systems Administrator
Digicon Communications, Inc.
http://www.digiconcommunications.com
cgauch at digicon.net
More information about the MIMEDefang
mailing list