[Esa-l] Outgoing Mail

Lee Howard faxguy at deanox.com
Tue Aug 14 10:14:49 PDT 2001


At 01:17 AM 8/14/01 -0700, Hisashi T Fujinaka wrote:

>And don't tell me your outbound mail server is so weak that it can't
>handle the extra load.

Let's use Anna Kornikova as an example.  It's a good example in my case
because I know about its effects on my own mail server intimately.  It hit
before the virus signature was in any definitions file, and it propagated
by e-mail.

The real danger with Anna Kornikova was not workstation damage, but rather
mail server DoS because of mail overload.  I had *one* user become infected
with this mail worm (due to their stupidity in defanging the attachment and
running it), and it brought my AMD K6-2/500 mail server to its knees
because of the immediate volume of outbound mail which the worm created,
including mail being sent to bogus addresses and bogus domains.

*IF* I had outbound mail filtering also, I would have *tripled* the mail
volume because of the notifications, etc, being sent.  That would not have
been healthy to anybody else who uses our mail server.

Sacrifice my mail server to protect the "innocent" bystander?  Sacrifice
the clean mail intended to other clients to DoS because of my obsession to
scan outbound traffic?  Nay.

So the answer, quite frankly, is no, my outbound mail server is too weak to
handle the extra load, and as I've been trying to say I sincerely believe
that nobody's is.

Lee.



More information about the esd-l mailing list