--On 8 August 2008 14:16:49 -0400 "David F. Skoll" <[EMAIL PROTECTED]> wrote:
> Tilman Schmidt wrote: > >>> telnet isps-smtp-server 25 > >> In my experience that's very unusual behaviour for a virus. >> The vast majority try to connect directly to the recipient's MX. > > I see both. Regardless, your responsibility as an MTA operator is to not emit backscatter. You can't be held responsible for backscatter emitted by an ISPs MTA when it hasn't detected a virus. The ISP should be requiring the sender to use authenticated, encrypted SMTP, and the ISP should be able to detect forged sender addresses (they ought not to accept sender email outside of domains that they own), and should treat them with great suspicion when they do. In fact, if you accept the email, then silently discard it, then you effectively endorsing the validity of the email. You'll be improving the reputation of the original sender in the eyes of the ISP. -- Ian Eiloart IT Services, University of Sussex x3148 _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml