Len Conrad wrote: > >>As noted on the postfix-users list, the REJECT should be DISCARD due to the >>forged From:. > > > how would that help? > > The msg is rejected, not bounced, by IMGate so the sending MTA, not the > forged sender, sees the reject (the forged sender would see the bounce). > > By rejecting, the forged sender is protected from becoming a joe-job victim. > > Len
Sorry, just catching up. Here's what I posted to postfix-users re: reject vs. bounce for this one: >According to Symantec: >"Attempts to send email messages using its own SMTP engine. The worm looks >up the mail server that the recipient uses before sending the email. If it >is unsuccessful, it will use the local mail server instead." > >Assuming this is correct, it looks like it may use the infectee's server >in some cases. It seems this would include anyone using a provider which >blocks outgoing port 25. Someone confirmed they has seen this on coming in from "valid" mail servers. -- Chris Scott Host Orlando, Inc http://www.hostorlando.com/
