On Tue, 15 Jun 2004 09:04:10 -0600,
administrator(_at_)yellowhead(_dot_)com wrote:
How is SPF faring against the Zafi.b virus? This Hungarian originated
virus initiates a Dictionary attack on domain names that it finds on
the infected machine. It does not use DNS to find the MX records, but
instead guesses the host name (such as 'mail' or 'mx'), prepends it to
the domain name, and then proceeds with its dirty work using Hungarian
sounding names.

This answers a question of mine: my mail server has been
rejecting (before DATA) lots of email with a HELO of
"mail.princeweb.com" and apparently random recipient names. I
now know they were not that random after all.
Anyway, not an SPF problem.
OT, but how you can deal with many viruses and spam engines
that forge the HELO to be either:
* The IP address of the target MTA
* The MX domain of the recipient domain
* The MX target A record of the recipient domain
* And now a valid A or MX record in the recipient domain
I am fortunate that my MTA allows me to block before data for a
selection of HELO validation checks, so this virus, like many
others, did not make it very far at my domains.
There is also anti-virus software ;-)
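The four forged-HELO cases listed in the message above can be checked before DATA without any DNS lookup, because each one compares the HELO argument against names and addresses the receiving server already knows about itself. The following is an added example, not part of the original message and not the poster's MTA configuration; the function names, the configuration sets and all addresses and domains in them are constructed placeholders.

```python
import ipaddress

# Constructed sample configuration for a receiving MTA (placeholder values).
OWN_IPS = {"192.0.2.25"}            # addresses this MTA listens on
OWN_HOSTS = {"mx1.example.org"}     # MX target host names of this MTA
LOCAL_DOMAINS = {"example.org"}     # domains this MTA accepts mail for
TRUSTED_CLIENTS = {"192.0.2.26"}    # own hosts that may legitimately use local names


def helo_as_ip(helo):
    """Return the IP a HELO argument denotes ('1.2.3.4' or '[1.2.3.4]'), else None."""
    try:
        return str(ipaddress.ip_address(helo.strip("[]")))
    except ValueError:
        return None


def check_helo(helo, client_ip):
    """Return a rejection reason, or None when the HELO passes these checks."""
    if client_ip in TRUSTED_CLIENTS:
        return None
    name = helo.strip().rstrip(".").lower()
    ip = helo_as_ip(name)
    if ip is not None:
        # Case 1: the client claims to be the server it is talking to.
        if ip in OWN_IPS:
            return "HELO is this server's IP address"
        return None  # address literals of other hosts are not judged here
    # Case 3: the client claims the MX target host name of the recipient domain.
    if name in OWN_HOSTS:
        return "HELO is this server's MX host name"
    for domain in LOCAL_DOMAINS:
        # Case 2: the client claims the recipient domain itself.
        if name == domain:
            return "HELO is a recipient domain"
        # Case 4: a guessed host such as 'mail.' or 'mx.' plus the recipient domain.
        if name.endswith("." + domain):
            return "HELO is a host name inside a recipient domain"
    return None
```

A non-None result maps to a rejection at the HELO or RCPT stage; hosts that legitimately announce a local name must be listed in the trusted set first.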