Security Basics mailing list archives

Re: virus mail ignores MX?

From: "Paul Kurczaba" <paul () myipis com>
Date: Sun, 13 Jun 2004 20:46:35 -0400

Remove the MX and A entry "mail.xxxxx.com" for your domain. This will force
all emails to hit your "viruswall.xxxxx.com" server. Then set up your
viruswall to relay the messages to the IP of mail.xxxxx.com.

Yes, it is true that some viruses ignore MX.

-Paul Kurczaba
----- Original Message ----- 
From: "Monty Ree" <chulmin2 () hotmail com>
To: <security-basics () securityfocus com>
Sent: Friday, June 11, 2004 4:41 AM
Subject: virus mail ignores MX?

Hello, all.

I have some question about virus mail.
I have set viruswall about my domain and all mails should be sent first to
viruswall.

xxxxx.com.               86400   IN      MX      0 viruswall.xxxxx.com.

<--

viruswall
xxxxx.com.               86400   IN      MX      5 mail.xxxxx.com     <-- 
mail server

When I see virus mail header, like below.

Received: from test.com ([211.117.47.1])
by mail.xxxxx.com (8.11.6/8.11.6) with ESMTP id i5B8DdW02504
for <chulmin2 () xxxxx com>; Fri, 11 Jun 2004 17:13:44 +0900

some virus mails are filtered well at viruswall.
but other virus mails are not get through viruswall,
and go directly to mail.xxxxx.com. I think.

so I think some virus mail ignores MX, right?

What's the problem and how can I solve this problem?


Thanks in advance.

_________________________________________________________________
행운의 주인공이 이번엔 나일꺼야, 진짜루... 인터넷 복권
http://www.msn.co.kr/money/interlotto/


--------------------------------------------------------------------------

Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or

less

to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the

skills

of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
--------------------------------------------------------------------------

--




---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

virus mail ignores MX? Monty Ree (Jun 13)
- Re: virus mail ignores MX? Andrej Kacian (Jun 14)
- Re: virus mail ignores MX? Paul Kurczaba (Jun 14)
- Re: virus mail ignores MX? die tuere (Jun 14)
- Re: virus mail ignores MX? Pierre-Yves Bonnetain (Jun 14)
- RE: virus mail ignores MX? Burton M. Strauss III (Jun 14)
  - Re: virus mail ignores MX? Ranjeet Shetye (Jun 21)
- <Possible follow-ups>
- RE: virus mail ignores MX? Joshua Vince (Jun 14)
- RE: virus mail ignores MX? Alan Greig (Jun 14)
- Re: virus mail ignores MX? Monty Ree (Jun 16)
  - Re: virus mail ignores MX? Mircea MITU (Jun 18)
- RE: virus mail ignores MX? Keith T. Morgan (Jun 22)