
Re: MS mail bombs



Bob McElrath said:
> Wayne Gemmell [wayneg@ananzi.co.za] wrote:
>> > >>>"Walt L. Williams" <wwilliams@intergate.com> wrote:
>> > >>>>Is there anyone else out there being mail bombed with emails
>> > >>>>that look like they're from M$? The rate at which they're coming
>> > >>>>is increasing exponentially.
>>
>> I received 10Mb of mail over the weekend, and in the last 12 hours I
>> received another 10Mb. I have a 10Mb internet based, downloadable
>> mailbox and at this rate I should receive mail for 3 hours tomorrow
>> before it becomes flooded! It's very disturbing. I'd love to get my
>> hands on the person responsible for this!
>
> I hit 150MB this morning before setting up some rules to drop these
> mails in /dev/null.

I guess that's as effective for reducing the bulk of your inbox as sending
"550 executables not accepted", especially if you don't have control over
the mail server and you match this virus with 100% accuracy.

Either way, /dev/null or 550 after DATA crlf.crlf you've received the
whole message.

The 550 would inform the sender of a non-automated message that your
server didn't accept delivery based on content. This of course means you
are scanning for bad content during the SMTP delivery session. I think it
is a bad idea to post-delivery 'bounce' an email or to forward an email to
the recipient if you found a virus in it. The 'sender' and 'receiver' in
the From: and To: headers are almost definitely forged.

>
> Are they targeting mailing lists exclusively?  Why are other people not
> getting bombed?
>

Other people don't participate as actively in the internet community?

On this list people have said that Swen gathers emails from different
places including usenet, and that debian-user is mirrored to usenet. There
are a few threads running right now on topics from procmail to mail bombs
that I believe were all kicked off by our mailboxes suffering the effects
of Swen.

-- 
Jacob
Trying out SquirrelMail
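
The in-session check discussed in this message, as an added example that is not part of the original post: the content scan runs on the message received after DATA and answers with the SMTP reply itself, so the From: and To: headers are never used to address a bounce. The extension and MIME-type block lists, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed block lists; the thread only says "executables".
BLOCKED_EXT = (".exe", ".pif", ".scr", ".bat", ".com")
BLOCKED_TYPES = {"application/x-msdownload", "application/x-msdos-program"}


def data_reply(raw: bytes) -> str:
    """Return the SMTP reply to send after the client's DATA <CRLF>.<CRLF>.

    The decision uses only the MIME parts. A 550 here leaves the failure
    with the connecting host; no new mail is generated toward the
    (probably forged) header addresses.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        # Normalise case and trailing dots/spaces, e.g. "Patch.EXE ."
        name = (part.get_filename() or "").lower().rstrip(". ")
        if name.endswith(BLOCKED_EXT) or part.get_content_type() in BLOCKED_TYPES:
            return "550 executables not accepted"
    return "250 OK"


def build_sample(with_exe: bool) -> bytes:
    """Constructed sample message; addresses use the reserved .invalid TLD."""
    m = EmailMessage()
    m["From"] = "Security Update <forged@example.invalid>"
    m["To"] = "user@example.invalid"
    m["Subject"] = "Latest patch"
    m.set_content("Install the attached update.")
    if with_exe:
        m.add_attachment(b"MZ\x90\x00", maintype="application",
                         subtype="octet-stream", filename="Patch.EXE")
    return m.as_bytes()


if __name__ == "__main__":
    for flag in (True, False):
        print(flag, "->", data_reply(build_sample(flag)))
```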


