From: "Brandon S. Allbery KF8NH" <[EMAIL PROTECTED]> > On Tue, 2003-08-19 at 18:03, Bill Moran wrote: > > Just curious if anyone knows the origin of all these auto-responses, etc. > > > > I'm seeing a lot of these on every list I'm subscribed to (not all of them > > FreeBSD related) so I was wondering if some Windows trojan is running rampant > > and using these list addresses as return addys? > > It's W32/[EMAIL PROTECTED] It's spreading *fast*.... > The first day it appeared, I received 8000+ virus and virus warning messages in my inbox. The only way I could stop it from filling my inbox was to change my e-mail address, and place a permanent failure code in the access table for the old address. But, our mail server was still getting a Denial of Service, since it would max out the connections to both our primary and secondary mail servers. Today I believe I have solved the problem. I wrote a couple of scripts, that retrieves the IP address from the maillog for all servers/virus infected systems that are using the old email address. Then I setup IPFW to deny access to port 25 for these IP addresses. So far IPFW is dening access to our mail servers for 30,000 Class C's (/24).
Scot _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]"