> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:mimedefang- > [EMAIL PROTECTED] On Behalf Of Joey McKnight > Sent: Thursday, May 05, 2005 11:50 AM > To: [email protected] > Subject: [Mimedefang] Blocking IP # > > Can you block emails using the access file in mimedefang. I'm getting > hammered by > virus, thankfully the filter server is stopping them all. > > > Thanks in advance. >
Good luck blocking each and every IP sending Sober.P viruses (I'm sure that's the one you're dealing with the most, as we've seen our virus activity go 20-fold since Monday). Some of those IPs may be spoofed or "zombie" networks that are constantly changing. You can take measures in both MIMEDefang and Sendmail to eliminate *some* of the virus activity. I've found that setting the "greet delay" in Sendmail 8.13.x holds off some viruses, greylisting also works quite well in forcing the infected PCs to retransmit the message. Another good suggestion that I received yesterday was to validate whether the PC is actually a *real* mail server with a valid DNS name (mail.<something>.com/net/org instead of location.ip-x-x-x-some-isp.net). A particular client of ours has only 5 accounts on his own Sendmail SMTP server and threw out 300,000 instances of Sober.P yesterday. We have thousands of accounts on our server that does about 1 million messages/day and we threw out roughly 16,000 Sober.P messages yesterday (which is definitely 100x the amount of viruses that we normally discard on any given day). The client's mail server is running an ancient version of Sendmail and is poorly configured, so I'm sure that has something to do with the number of viruses his server must deal with and discard. - Chris ------------------------------------------ Chris Gauch Systems Administrator Digicon Communications, Inc. http://www.digiconcommunications.com [EMAIL PROTECTED] _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
