Goesta Smekal wrote:

>I have been doing a similar thing for two months: Every mail reported to be infected gets a
>second treatment:
>
>* look for originating IP (of SMTP envelope, _not_ headers)
>* resolve its domain
>* get the MX for that domain
>* if the IPs are not equal, block the host, since it is an infected, non MX
>host.
>
>This approach works _very_ fine (not a single complaint ever since, opposed to
>three complaints due to RDNS check, which started the same time) the SMTP load
>actually is _reduced_ and the "SNDRIP=EIPSPAM" is constantly rising :-) .... and
>of course the virus/day rate is sinking.
>
>Since hosts that send you a virus nowadays are very likely sending you the same
>stuff again soon, blacklisting (IMHO) is a valid option combined with scanning.

Actually a great idea, because 99.999% of the people who would have a legitimate use for sending you SMTP directly (running a mailserver or whatever) are computer-literate enough to avoid getting hit by all that virus junk. So the chances of blocking anyone who's running a mailserver at home (like me, and yes, my ISP allows that) are slim to none, and if he's blocked, he deserves it.

Care to share that filter?
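
The second-pass check described in the quoted message, sketched as an added example (not Goesta Smekal's filter and not XMail code). DNS lookups are passed in as callables and fed here from constructed tables; the function names and the last-two-labels domain guess are assumptions.

```python
import ipaddress

# Constructed DNS data (documentation address ranges) standing in for live lookups.
PTR = {"192.0.2.10": "mail.example.org", "198.51.100.77": "dsl-77.pool.example.net"}
MX = {"example.org": ["mail.example.org"], "example.net": ["mx1.example.net"]}
A = {"mail.example.org": ["192.0.2.10"], "mx1.example.net": ["198.51.100.1"]}


def base_domain(hostname):
    """Naive registered-domain guess: the last two labels (assumption; a
    production filter would consult the Public Suffix List)."""
    labels = hostname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def mx_addresses(domain, mx_lookup, a_lookup):
    """Every address that the domain's MX hosts resolve to."""
    addrs = set()
    for host in mx_lookup(domain):
        for addr in a_lookup(host.rstrip(".").lower()):
            addrs.add(ipaddress.ip_address(addr))
    return addrs


def classify_sender(peer_ip, ptr_lookup, mx_lookup, a_lookup):
    """Return 'mx', 'non-mx' or 'unknown' for the SMTP peer address.

    peer_ip is the address of the TCP connection (the envelope side),
    never an address parsed out of Received: headers, which a sender controls.
    """
    ip = ipaddress.ip_address(peer_ip)
    hostname = ptr_lookup(str(ip))
    if not hostname:
        return "unknown"   # no reverse DNS: this check cannot decide
    addrs = mx_addresses(base_domain(hostname), mx_lookup, a_lookup)
    if not addrs:
        return "unknown"   # domain publishes no resolvable MX
    # A provider whose outbound relays differ from its inbound MX also lands
    # in 'non-mx', so apply the verdict only to mail already flagged as infected.
    return "mx" if ip in addrs else "non-mx"


def demo(peer_ip):
    """Run the check against the constructed tables above."""
    return classify_sender(peer_ip, PTR.get,
                           lambda d: MX.get(d, []), lambda h: A.get(h, []))
```

Only a `non-mx` verdict on a message the scanner already flagged would feed the block list; `unknown` leaves the decision to the other checks.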
