On Mon, Aug 25, 2003 at 10:13:18PM +0200, Guillaume Rousse wrote: > Ainsi parlait Keld J�rn Simonsen : > > How can you stop the virus flooding in cooker? > > > > And the MTA should not send any messages back when this is done, as the > > sender most likely is not the real sender. > the REJECT directive here just send the mail back to the real sender during > the STMP transaction, which is the virus here.
Hmm, has the virus implemented its own MTA? I know too little on the implementation on current sobit.f . But it is conceivable that it just uses the mta of the client system. If so, it is the normal error handling of the client system's MTA that then prevails and it will then send an error message back to the forget sender address. Or that the virus has an error handling that just sends the error message to the originator which it has forged too. The latter could generate some error mail loops... Well, I am not sure what to do. Let some people cleverer than me figure it out. Anyway the current sityation with sobit.f is unbearable. Any ideas on a good way to handle sobit.f? Best regards keld
