Message-ID: <20040303214831.1c7863de@roadwarrior.bluesuperman.com>
From: michael at bluesuperman.com (Michael Gale)
Subject: Backdoor not recognized by Kaspersky
Hello,
I suggest that most of you should subscribe to the postfix mailing
list; it will provide you with a deep understanding of mail and
what problems people face and how to solve them.
For example, if a mail server is sending you mail you should not be
comparing it with some host name. Your mail server should however
verify that the from address or return address of a message is from a
real domain, so the message can be returned / bounced if needed.
Also, do not accept mail for users that do not exist ... I know that a
lot of Exchange servers and mis-configured front end mail servers accept
mail for anything at their domain, and usually the mail is junk or
from domains that do not exist.
Also, sending millions of virus notifications out to senders really does not
help since most of them will likely not exist. Either notify the admin
or the recipient.
These are some starting points; making sure that the email follows the
RFCs also helps.
Michael.
On Wed, 3 Mar 2004 20:58:10 -0300
Rodrigo Barbosa <rodrigob@...spammers.org> wrote:
> On Wed, Mar 03, 2004 at 04:51:40PM -0600, Ron DuFresne wrote:
> > > How about the SMTP server simply rejecting mail from spoofed hosts?
> > > As all the viruses generate spoofed hosts and it is very easy
> > > for any SMTP server to do a DNS lookup on the sending server, if
> > > the hostname / IP address do not match, reject the message.
> > >
> >
> > Finally some sanity marks this thread!
>
> And now it is my turn to jump untimely into the discussion.
>
> My feeling about this is that the MDA should not be responsible for
> rejecting the messages. At least, not always, the exception being
> networks where the security rules demand these messages to be
> automatically rejected.
>
> My idea is that the MDA simply tags the messages, and that the MUA,
> either locally or using some POP-like protocol, reads the flag and,
> following the user's configuration, either dumps or accepts the message.
>
> This point comes to my mind after having serious problems with
> ISPs rejecting emails that were destined to me, but were not
> spam. Currently, I'm having serious problems receiving e-mails
> from a business partner in Korea, because the ISP simply decided to
> drop all e-mails from that company's netblock.
>
> Mandatory restrictions and controls can easily become a problem
> as big as viruses and spam (moneywise). The end point should be
> allowed some degree of control over what is received or not.
>
> We must keep in mind that even big companies can have DNS errors
> and misconfigured mail servers, and simply blocking that e-mail
> by default can cause severe losses, both of time and money.
>
> - --
> Rodrigo Barbosa <rodrigob@...spammers.org>
> "Quid quid Latine dictum sit, altum viditur"
> "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
--
Hand over the Slackware CD's and back AWAY from the computer, your geek
rights have been revoked !!!
Michael Gale
Slackware user :)
Bluesuperman.com
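As an added illustration (not from the thread and not Postfix's own documentation), this is a Postfix main.cf fragment that applies the three points Michael makes: refuse senders whose domain does not resolve, refuse recipients that do not exist (including on a front-end relay in front of an Exchange server), and reject at SMTP time so the server never has to send bounces or virus notices to forged senders. Host names, domains and map paths are assumed placeholders.

```ini
# Added example, not the list poster's or Postfix's own configuration.
# mx1.example.com, corp.example.com and the map files are placeholders.
myhostname = mx1.example.com
mydestination = example.com, localhost

# 1. The envelope sender's domain must be a fully qualified name that
#    resolves (MX or A record); otherwise a bounce could never be delivered.
smtpd_sender_restrictions =
    reject_non_fqdn_sender,
    reject_unknown_sender_domain

# 2. Only accept recipients that actually exist. Because the reject happens
#    during the SMTP session, the server does not accept-then-bounce, so no
#    backscatter (bounces or virus notices) reaches a forged sender address.
smtpd_reject_unlisted_recipient = yes
# Postfix default: local users come from the system password file and aliases.
local_recipient_maps = proxy:unix:passwd.byname $alias_maps

# 3. Front-end relay for an internal (e.g. Exchange) server: without
#    relay_recipient_maps the relay accepts mail for any address at the domain.
#    /etc/postfix/relay_recipients lists one valid address per line, e.g.
#    "alice@corp.example.com OK", then run: postmap /etc/postfix/relay_recipients
relay_domains = corp.example.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients
# /etc/postfix/transport: "corp.example.com smtp:[exchange.corp.example.com]"
transport_maps = hash:/etc/postfix/transport

# Standard anti-relay rule: local networks may relay anywhere; everyone else
# may only send to domains this server is responsible for.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination
```

After editing main.cf, `postfix reload` applies the change; `postconf -n` shows the non-default values in effect so the restrictions can be verified.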