Are these zombie machines also not trying to spread the same virus allowing them to exploit SMTP to other machines? This was my understanding this occurred and my previous reference to using a similar strategy with BlackIce blocking IPs for 24 hours with detected signatures. Thus also blocking spam outgoing from these same machines.
The way it normally works is that the computer gets infected, and it either downloads a trojan horse then, or downloads it later -- but it starts spreading the virus immediately. Then days/weeks/months later, the spammer finds the infected computer, connects to it, and tells it to send spam. So blocking the IP for 24 hours (or until it has stopped sending viruses for 24 hours) helps reduce the load of a mailserver virus scanner, but doesn't help with spam. It's only later (much later) that the spam starts getting sent out.
These IPs are ones that should not be sending mail directly, so even if they are listed, it should not block their legitimate E-mail (which would go through the ISP's mailserver). The issue of mailservers getting listed accidentally for various reasons is one that we are going to be investigating.
-Scott
--- This E-mail came from the Declude.JunkMail mailing list.
