Klez bypasses MX records

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Fri Oct 4 12:42:20 UTC 2002

Roger Smith <rogers at tcoe.org> wrote:

> If this is not the right place to post this, please forgive me.

> In our escapades with the Klez virus, it appears that its client connects
> directly to the destination SMTP server.  Since we use MX records to redirect
> our email to our anti-virus SMTP processing server, the Klez effectively
> bypasses that server.

> Is there a way to make sure it does not bypass our MX records or rewrite the
> DNS to have it hit the AV server first?

Filters in your firewall/routers.

What domain are you talking about ? And how is it supposed to work ?

> Thanks for any help or links.

> Roger Smith

Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

More information about the bind-users mailing list