bouncing SoBig.F mail (was: RE: SoBig.F strange problem)

["Alan Rouse" <ARouse () n2bb com>]

Doesn't this just result in sending spam to innocent parties?  Remember,
the addresses are spoofed.  Seems to me it just doubles the amount of
bogus mail flying around as a result of SoBig.F.  I've been seeing this
kind of messages, and I don't need the additional spam!  

IMO it is much better just to drop the message and forget it.

-----Original Message-----
From: Stephen Clowater [mailto:steve () stevesworld hopto org] 
Sent: Wednesday, August 20, 2003 10:26 AM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] SoBig.F strange problem


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I started getting 1000-2000 an hour yesterday, I just went to all the
border routers and put a filter on 25 to drop those connections and send
a notice to the From feild of the smtp query, and a QUIT to the
mailserver it was connecting to.

I'd recomend doing this, its easy to do in freeBSD, all my borders are
freeBSD so I havent tried it on anything else yet :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html