Klez bypasses MX records

Joseph S D Yao jsdy at center.osis.gov
Thu Oct 3 23:16:21 UTC 2002


On Thu, Oct 03, 2002 at 10:28:16AM -0700, Roger Smith wrote:
> 
> If this is not the right place to post this, please forgive me.
> 
> In our escapades with the Klez virus, it appears that its client connects
> directly to the destination SMTP server.  Since we use MX records to redirect
> our email to our anti-virus SMTP processing server, the Klez effectively
> bypasses that server.
> 
> Is there a way to make sure it does not bypass our MX records or rewrite the
> DNS to have it hit the AV server first?

I would suggest not having "tcoe.org" have an A record.  Then, with
your MX records just as they are, most mail should go directly to your
AV server as long as it is up.

If you must have "tcoe.org" point to your Web server, as it does now,
then make sure that your mail server is not also on that machine.
Linux boxes are inexpensive, as you know.  ;-)

[I am wondering why .org rather than .gov or .ca.us, but I'm sure there
were reasons.]

-- 
Joe Yao				jsdy at center.osis.gov - Joseph S. D. Yao
OSIS Center Systems Support					EMT-B
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.
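To make the difference between MX-driven delivery and a direct A-record connection concrete, here is a small simulation of the two sender behaviours over a constructed zone. It is an added example, not part of the thread; "tcoe.org", the host names and the 192.0.2.x addresses are placeholders, not the poster's actual records. A sender following RFC 2821 uses the MX set and only falls back to the domain's own address record when no MX exists, so removing the apex A record leaves it unaffected; a sender that resolves the domain's A record directly loses its target.

```python
"""Simulate how a mail sender picks an SMTP target for a domain.

Added example, not code from the original thread. The zone data is
constructed: "tcoe.org" and the hosts below are placeholders standing
in for the poster's domain, not real records.
"""

# Constructed "before" zone: the apex has an MX pointing at the AV
# gateway and an A record pointing at the web host, which also runs SMTP.
ZONE_WITH_A = {
    ("tcoe.org.", "MX"): [(10, "av.tcoe.org.")],
    ("tcoe.org.", "A"): ["192.0.2.10"],      # web server, also listening on 25
    ("av.tcoe.org.", "A"): ["192.0.2.20"],   # anti-virus SMTP gateway
    ("www.tcoe.org.", "A"): ["192.0.2.10"],  # web server under its own name
}

# Constructed "after" zone: identical, except the apex A record is gone.
# www.tcoe.org keeps its own A record, so the web site still resolves.
ZONE_WITHOUT_A = {
    key: val for key, val in ZONE_WITH_A.items() if key != ("tcoe.org.", "A")
}


def lookup(zone, name, rtype):
    """Return the records of type rtype for name, or [] if none exist."""
    return zone.get((name, rtype), [])


def rfc2821_targets(zone, domain):
    """Addresses a standards-conforming sender would try, in order.

    RFC 2821 section 5: use the MX records sorted by preference; only
    when the domain has no MX at all treat the domain itself as the
    single (implicit) mail exchanger and use its address record.
    """
    mx_records = lookup(zone, domain, "MX")
    if mx_records:
        hosts = [host for _pref, host in sorted(mx_records)]
    else:
        hosts = [domain]
    targets = []
    for host in hosts:
        targets.extend(lookup(zone, host, "A"))
    return targets


def naive_targets(zone, domain):
    """Addresses a sender that ignores MX and connects straight to the
    domain's own A record would try (the behaviour the poster observed)."""
    return lookup(zone, domain, "A")


if __name__ == "__main__":
    for label, zone in (("with apex A", ZONE_WITH_A),
                        ("without apex A", ZONE_WITHOUT_A)):
        print(label)
        print("  RFC 2821 sender ->", rfc2821_targets(zone, "tcoe.org."))
        print("  direct-A sender ->", naive_targets(zone, "tcoe.org."))
```

Run it as a script to see both cases side by side: with the apex A record present the direct-A sender reaches the web host's SMTP listener and skips the gateway; with it removed, that sender gets no address at all while MX-based delivery still lands on the gateway. The caveat Joe's reply implies is visible in `rfc2821_targets`: the fallback to the apex A record only happens when there is no MX, so the MX must stay in place for this to work.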
