> the customer has *not* pointed the MX for their domain to us yet.
> that will happen tonight. however, the customer has reported that
> several of their accounts have received virus-laden email. it took a
> while to figure it out - apparently the virus is hitting our POP
> server, which is not an MX, and I guess happened to be bearing
> viruses intended for the domain that *is* set up on the server - so
> the server dutifully delivered the 'messages'.
it's probably set up as mail.example.com, where example.com is the domain that
is being pointed over to the new system.
i wish it were that simple. here's the header, with assorted bits obfuscated for customer privacy:
- Return-Path: <[EMAIL PROTECTED]>
- Delivered-To: [EMAIL PROTECTED]
- Received: (qmail 12860 invoked from network); 22 Jun 2005 04:13:34 -0000
- Received: from unknown (HELO scapevelocity.com) (210.18.120.34)
- by pop.smileglobal.com with SMTP; 22 Jun 2005 04:13:34 -0000
- From: [EMAIL PROTECTED]
- To: [EMAIL PROTECTED]
- Subject: Hello
- Date: Wed, 22 Jun 2005 09:41:35 +0530
- MIME-Version: 1.0
- Content-Type: multipart/mixed;
- boundary="----=_NextPart_000_0013_06F33F3E.1EC6B4FD"
- X-Priority: 3
- X-MSMail-Priority: Normal
- Delivered-To: [EMAIL PROTECTED]
simply remove the domain from the rcpthosts file on the non-MX servers and no
mail will be able to come in for that domain there.
well, sure, i could do that, but then when they cut over here it'll bollox everything up. the domain has to be in rcpthosts on the POP server - heck, vpopmail maintains the rcpthosts/morercpthosts automatically on the POP server. I'm not clear how the server would accept new incoming mail for the domain from my own servers once the MX does cut over here if there's no entry in rcpthosts.
http://www.anastrophe.com
http://www.smileglobal.com
