Block bounced/returned messages from SoBig virus

**XPerties** · 09-06-2003 09:52 AM

This is the issue at hand most of us are having or had. So many e-mails being bounced back to my servers saying I sent virus (pif, .scr .exe) which I or anyone on my servers have not sent.

We all know the return e-mail address is spoofed so you get killed with a crap load of e-mails which bogs the server down and can sometimes crash the mail server.

This is what I need.....

Someone to help or assist me in editing my EXIM files to delete or block any return e-mails that have this in them. My mail q is around 500-600 a day, sometimes higher.

I'm will to pay (depending on price), or trade 2 sets of FLASH TUTORIALS for your help.

I have read so many threads on this issue here and rackshack. I would like someone to verify that there is a way to stop, block these from entering my Q.

Thanks.

cPanel.net Support Ticket Number: Willing to pay or trade for assistance

**compunet2** · 09-06-2003 01:32 PM

I know it may not be the solution your looking for... but there is light at the end of the tunnel. The worm de-activates on 9/10. So you only have to put up with it for another 4 days....

cPanel.net Support Ticket Number:

**JPmorgan** · 09-06-2003 01:45 PM

Originally posted by compunet2
I know it may not be the solution your looking for... but there is light at the end of the tunnel. The worm de-activates on 9/10. So you only have to put up with it for another 4 days....

cPanel.net Support Ticket Number:

I thought it was 9/20 and then you have to worry about all the infected computers still sending the worm for months to come. I would imagine its not going to just go away instantly.

cPanel.net Support Ticket Number:

**compunet2** · 09-06-2003 05:11 PM

http://securityresponse.symantec.com...obig.f@mm.html

"The worm de-activates on September 10, 2003. The last day on which the worm will spread is September 9, 2003.

The aforementioned de-activation date applies only to the mass-mailing, network propagation, and email address collection routines. This means that a W32.Sobig.F@mm-infected computer will still attempt to download the updates from the respective list of master servers during the associated trigger period, even after the infection de-activation date. Previous variants of Sobig exhibited similar behavior. "

cPanel.net Support Ticket Number:

**rs-freddo** · 09-06-2003 05:20 PM

Xperties, I PM'd you.

cPanel.net Support Ticket Number:

LinkBack

Thread Tools

Block bounced/returned messages from SoBig virus

SMTP error messages, returned outgoing mail

Remote mailserver stops email. 553 5.0.0 This message may contain the Sobig.F virus.

rejected/bounced emails returned to "root" acoount

Mail filters not working correctly (SoBig Virus bouces)