Security Basics mailing list archives

RE: virus mail ignores MX?


From: "Alan Greig" <Alan.Greig () Ogilvie co uk>
Date: Mon, 14 Jun 2004 09:50:37 +0100

Hi Monty,

When you check the message header, has the message arrived straight at your Internet gateway or does it go through viruswall? If you are relying on viruswall as your only mail scanning solution then can I respectfully suggest your current system design is flawed through the use of the second MX record.

If I were you I would consider removing the second MX record entry and reconfiguring your Internet gateway to only allow SMTP traffic from viruswall's servers. You could reinstate your backup MX record when you have implemented some form of local mail scanning.

Cheers.

Alan 



-----Original Message-----
From: Monty Ree [mailto:chulmin2 () hotmail com] 
Sent: 11 June 2004 09:41
To: security-basics () securityfocus com
Subject: virus mail ignores MX?

Hello, all.

I have some questions about virus mail.
I have set up viruswall for my domain, and all mail should be sent to viruswall first.

xxxxx.com.               86400   IN      MX      0 viruswall.xxxxx.com. <-- viruswall
xxxxx.com.               86400   IN      MX      5 mail.xxxxx.com     <-- mail server 

When I look at a virus mail header, it looks like the one below.

Received: from test.com ([211.117.47.1])
        by mail.xxxxx.com (8.11.6/8.11.6) with ESMTP id i5B8DdW02504
        for <chulmin2 () xxxxx com>; Fri, 11 Jun 2004 17:13:44 +0900

Some virus mails are filtered well at viruswall,
but other virus mails do not go through viruswall
and go directly to mail.xxxxx.com, I think.

So I think some virus mail ignores MX, right?

What's the problem and how can I solve this problem?


Thanks in advance.

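An added example, not part of the original thread: a small Python check that reads the Received hop written by mail.xxxxx.com and reports whether the message was handed over by viruswall or came in directly through the second MX. The viruswall address 192.0.2.10 is a placeholder assumption and the sample messages are constructed; the host names are the masked ones from the thread.

```python
import email
import re

MAILHOST = "mail.xxxxx.com"      # internal mail server, name as masked in the thread
SCANNER_IPS = {"192.0.2.10"}     # assumption: placeholder address for viruswall

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
PEER_RE = re.compile(r"\bfrom\s+\S+\s+\([^)]*\[([0-9A-Fa-f.:]+)\]", re.I)

def classify(raw_message):
    """Return 'scanned', 'direct' or 'unknown' for one raw message.

    Only the topmost Received header written by MAILHOST is trusted;
    headers below it were supplied by the sending side and can be forged.
    """
    msg = email.message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        by = BY_RE.search(flat)
        if not by or by.group(1).lower().rstrip(".") != MAILHOST:
            continue
        peer = PEER_RE.search(flat)
        if not peer:
            return "unknown"
        return "scanned" if peer.group(1) in SCANNER_IPS else "direct"
    return "unknown"

# Constructed samples. DIRECT reuses the hop quoted in the thread; FORGED adds a
# fake viruswall hop below it, which must not change the verdict.
DIRECT = """\
Received: from test.com ([211.117.47.1])
        by mail.xxxxx.com (8.11.6/8.11.6) with ESMTP id i5B8DdW02504;
        Fri, 11 Jun 2004 17:13:44 +0900
Subject: sample

body
"""
FORGED = DIRECT.replace("Subject:", "Received: from x (x [192.0.2.10])\n"
                        "        by viruswall.xxxxx.com; Fri, 11 Jun 2004\nSubject:")
SCANNED = DIRECT.replace("test.com ([211.117.47.1])",
                         "viruswall.xxxxx.com (viruswall.xxxxx.com [192.0.2.10])")

if __name__ == "__main__":
    for name, raw in (("DIRECT", DIRECT), ("FORGED", FORGED), ("SCANNED", SCANNED)):
        print(name, classify(raw))
```

Once the gateway only accepts SMTP from viruswall, any message this check still classifies as "direct" points to a gap in that filter rule.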

