http://news.com.com/Zombie+trick+expected+to+send+spam+sky-high/2100-7349_3-5560664.html?tag=nefd.top
You are an ISP providing email submission via your mailbox server or direct-to-imgate where your IPs are trusted for relaying by IP, instead of via SMTP AUTH. This attack could overwhelm your IMail and/or IMGate. One short-term tactic would be for IMGate not to trust IMail's IP for relaying via mynetworks, but to run SAV/RAV before permit_mynetworks. If your subscriber networks were infected with this trojan and relaying out through IMail + IMGate, pflogsumm would show large quantities of SAV/RAV rejects of mail from your mailbox server. This would keep IMGate from being swamped with undeliverable msgs, but the mailbox server would be swamped instead, having accepted/queued the msgs as deliverable only to find IMGate rejecting them.

Len
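An added example, not part of Len's post: a small log check for the symptom described above, SAV/RAV rejects piling up against the mailbox server's own IP on the gateway. The log lines are constructed, the reject wording is an assumption modelled on Postfix's address-verification messages, and the IP 192.0.2.10 and the threshold are hypothetical.

```python
import re
from collections import Counter

# Constructed maillog lines modelled on Postfix smtpd reject logging.
# Hosts, IPs and addresses are invented; 192.0.2.10 plays the mailbox server.
SAMPLE_LOG = "\n".join([
    "Feb  2 10:00:01 imgate postfix/smtpd[411]: NOQUEUE: reject: RCPT from mailbox.example.net[192.0.2.10]: 450 <x1@forged.example>: Sender address rejected: undeliverable address: host mx.forged.example said: 550 no such user; from=<x1@forged.example> to=<a@remote.example> proto=ESMTP",
    "Feb  2 10:00:02 imgate postfix/smtpd[411]: NOQUEUE: reject: RCPT from mailbox.example.net[192.0.2.10]: 450 <x2@forged.example>: Sender address rejected: undeliverable address: host mx.forged.example said: 550 no such user; from=<x2@forged.example> to=<b@remote.example> proto=ESMTP",
    "Feb  2 10:00:03 imgate postfix/smtpd[412]: NOQUEUE: reject: RCPT from mailbox.example.net[192.0.2.10]: 450 <x3@forged.example>: Sender address rejected: unverified address: Address verification in progress; from=<x3@forged.example> to=<c@remote.example> proto=ESMTP",
    "Feb  2 10:00:04 imgate postfix/smtpd[412]: NOQUEUE: reject: RCPT from mailbox.example.net[192.0.2.10]: 450 <gone@remote.example>: Recipient address rejected: undeliverable address: host mx.remote.example said: 550 unknown; from=<user@isp.example> to=<gone@remote.example> proto=ESMTP",
    "Feb  2 10:00:05 imgate postfix/smtpd[413]: NOQUEUE: reject: RCPT from outside.example.org[198.51.100.7]: 450 <nobody@isp.example>: Recipient address rejected: undeliverable address: host mailbox.example.net said: 550 unknown; from=<s@example.org> to=<nobody@isp.example> proto=ESMTP",
    "Feb  2 10:00:06 imgate postfix/smtpd[414]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 <d@remote.example>: Relay access denied; from=<e@example.org> to=<d@remote.example> proto=SMTP",
    "Feb  2 10:00:07 imgate postfix/smtpd[414]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 <f@isp.example>: Recipient address rejected: User unknown in local recipient table; from=<e@example.org> to=<f@isp.example> proto=SMTP",
])

# Matches only address-verification rejects (SAV = sender, RAV = recipient).
REJECT = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: \d{3} .*?"
    r"(?P<kind>Sender|Recipient) address rejected: "
    r"(?:undeliverable|unverified) address"
)

def verification_rejects(log_text):
    """Count SAV/RAV rejects per (client IP, check) pair."""
    counts = Counter()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            check = "SAV" if m.group("kind") == "Sender" else "RAV"
            counts[(m.group("ip"), check)] += 1
    return counts

def flag_trusted_relays(counts, trusted_ips, threshold):
    """Return {ip: total rejects} for trusted relays at or above threshold."""
    totals = Counter()
    for (ip, _check), n in counts.items():
        if ip in trusted_ips:
            totals[ip] += n
    return {ip: n for ip, n in totals.items() if n >= threshold}

if __name__ == "__main__":
    counts = verification_rejects(SAMPLE_LOG)
    for (ip, check), n in sorted(counts.items()):
        print(ip, check, n)
    print(flag_trusted_relays(counts, {"192.0.2.10"}, threshold=3))
```
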
