[clug] [AUSCERT ALERT - Email worm W32.Beagle.A/Win32.Bagle.A]

Matthew Hawkins matt at mh.dropbear.id.au
Tue Jan 20 04:18:35 GMT 2004


Martin Pool said:
> http://lists.samba.org/archive/linux/2003-November/008734.html
>
> Your trolling is not welcome here.

If that's all you've got, you've a) misinterpreted a joke and b) quite
obviously missed the not-so-serious smiley at the end of that paragraph giving
it away, and goodness knows what else.  Discussion closed, your evidence
speaks for itself and there's nothing further to be gained by continuing this.

> Many outgoing mail relays will pass all messages as long as they come
> from an authorized client, on the inside network.  It's not an open
> relay.  When the mail is rejected, they send a bounce to the forged
> address.

I think what you're trying to describe here is a semi-open relay; where any
address (read: we'll accept any old legit crap in front of the @ sign) at a
particular domain is permitted to relay, regardless of whether that "crap"
actually maps to a real person/mailbox.

> The vast majority of corporate and ISP mailservers are configured like
> this, and it is not generally a problem except for this case of
> viruses.

This is unfortunate, if it's true.  I class semi-open relays as only
half-fixing the problem, and half-fixing the problem isn't good enough.

> It is not an open relay.

It is, of a kind.  A 300mL glass containing 150mL of water is both half-full
and half-empty, and all half-empty glasses are unacceptable.

> I don't care if it's clogged.  I care about bounce messages going to
> third parties.

1) Close your semi-open relay
2) ???
3) Profit

Of course, I don't believe this will protect you from bounces from fully-open
relays (unless you happen to have that specific one blocked) and that sucks.
I've been caught on this once myself, so although quite rare it does happen.

-- 
Matt
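An added illustration, not part of the thread or of any project discussed in it: the "semi-open relay" behaviour described above, written as a Postfix main.cf fragment next to the settings that reject unknown local senders and recipients during the SMTP dialogue instead of accepting the message and bouncing it later. The parameter names are Postfix's own; the domain and network values are placeholders.

```ini
# Constructed Postfix main.cf fragment; example.com and 192.0.2.0/24 are placeholders.

# --- before: semi-open relay ---
# Any client on the inside network may relay, whatever it puts in front of the
# @ sign.  A message whose envelope sender is a non-existent address at
# example.com is accepted, and when delivery later fails the bounce goes to
# that (possibly forged) sender address, i.e. to a third party.
mydomain   = example.com
mynetworks = 192.0.2.0/24
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_reject_unlisted_sender    = no
smtpd_reject_unlisted_recipient = no

# --- after: reject at SMTP time, so this host never generates the bounce ---
# Senders at domains this host handles must exist in local_recipient_maps (or
# the virtual maps); unknown local recipients are refused in the SMTP dialogue.
# The submitting client receives the error; no bounce mail is created.
smtpd_reject_unlisted_sender    = yes
smtpd_reject_unlisted_recipient = yes
```

This removes only the bounces this host itself would have produced; a remote site that accepts a message and bounces it to a forged sender is outside the local configuration's control, which is the residual case the reply above describes.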
