Re: [cobalt-users] Mailscanner not getting viruses all the time
- Subject: Re: [cobalt-users] Mailscanner not getting viruses all the time
- From: "Al-Juhani" <aljuhani@xxxxxxxxx>
- Date: Wed Feb 11 11:22:01 2004
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> >Hi
> >
> >I have a setup like this:
> >
> >
> >internet
> > |
> > |
> > v
> >primary MX
> >[RaQ3 running Mailscanner/clamav/spamassassin]
> > |
> > |
> > v
> >secondary MX
> >[another RaQ3]
> >
> >
> >Today one of the users told me that he gets a lot of (what I think) is
> >MyDoom/worm.SCO even though his mails are handled by this scanning
> >chain.
> >
> >I can see from the log that A LOT of worm.SCO's are hitting the mailboxes
> >handled this way, so I can't figure out how the virus mails get past
> >this setup?
> >
> >Has anyone experienced the same or maybe knows what could be wrong?
>
> How does the Internet know to deliver mail to the primary MX server? By
> what mechanism does the primary MX forward the mails onto secondary MX? Are
> you using RBL's at all as part of your primary MX server Sendmail config or
> through the MailScanner config?
>
> For example, if the Internet delivers your customer domain email with
> primary MX set as the primary MX record in DNS and the secondary MX as a
> backup server, then it would be possible for the primary MX to reject the
> mail connection based on an RBL check but the sending server doesn't give
> up. It then tries to deliver to the next priority MX server listed by DNS.
> In your example this would mean the secondary MX then I presume it would
> miss out the virus checks.
>
> I would also check whether your customer is really getting the virus mails
> or rather just the warning messages generated by MailScanner.
>
> Dan
>
Dan, you are right if his user is checking email directly from the secondary
mail server, but with a normal primary/secondary setup, emails routed
through the secondary have to eventually go back to the primary
that is monitored by MailScanner.
BTW our MailScanner is detecting the MyDoom.A and .B. We are using
Steve Bassi's package with F-Prot.
Thanks Steve:
http://www.yetiservices.com/raq/steve_bassi.html
Al-Juhani
aljuhani@xxxxxxxxx
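
Which MX accepted a given message from outside, and whether the scanning host handled it at all, can be read from the Received headers of a delivered copy. The following is an added example, not part of the original thread; the host names, IP addresses and sample messages are constructed assumptions.

```python
import re
from email import message_from_string

# Assumed names and addresses (documentation ranges), not taken from the thread.
SCANNER = "scan.example.com"             # MX running MailScanner
OUR_IPS = {"192.0.2.10", "192.0.2.20"}   # scan.example.com, mbox.example.com

BY_HOST = re.compile(r"\bby\s+(\S+)", re.I)
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trusted_path(raw):
    """Our hosts that handled the message, newest hop first.

    Received headers are prepended, so the top ones come from our own
    servers. Stop at the first hop whose peer IP is not ours: every header
    below it was supplied by the sender and may be forged.
    """
    path = []
    for header in message_from_string(raw).get_all("Received", []):
        by = BY_HOST.search(header)
        if not by:
            break
        path.append(by.group(1).rstrip(";").lower())
        peer = PEER_IP.search(header[:by.start()])
        if not peer or peer.group(1) not in OUR_IPS:
            break  # this hop accepted the message from outside
    return path

def scanned(raw):
    """True only if the scanning MX is among the hops we can trust."""
    return SCANNER in trusted_path(raw)

# Constructed samples. VIA_SCANNER entered through the scanning MX.
VIA_SCANNER = (
    "Received: from scan.example.com (scan.example.com [192.0.2.10])\n"
    "\tby mbox.example.com with ESMTP id A2; Wed, 11 Feb 2004 10:00:02 +0100\n"
    "Received: from out.example.net (out.example.net [203.0.113.5])\n"
    "\tby scan.example.com with ESMTP id A1; Wed, 11 Feb 2004 10:00:00 +0100\n"
    "Subject: constructed sample\n\nbody\n")
# BYPASSED was accepted by the other MX; its second header is sender-supplied.
BYPASSED = (
    "Received: from out.example.net (out.example.net [203.0.113.5])\n"
    "\tby mbox.example.com with ESMTP id B1; Wed, 11 Feb 2004 10:05:00 +0100\n"
    "Received: from mail (mail [192.0.2.20])\n"
    "\tby scan.example.com with ESMTP id B0; Wed, 11 Feb 2004 10:04:00 +0100\n"
    "Subject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("VIA_SCANNER", VIA_SCANNER), ("BYPASSED", BYPASSED)):
        print(name, trusted_path(raw), "scanned" if scanned(raw) else "NOT scanned")
```

Run against a copy of one of the worm mails that reached the mailbox, the first untrusted hop shows which MX the sending host actually connected to.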