[Esa-l] Outgoing Mail
Karl.Dunn at vmic.com
Karl.Dunn at vmic.com
Wed Aug 15 08:49:20 PDT 2001
If you are worried about secondary traffic like this, don't notify the
sender. We quarantine bad outgoing mail, and we deliver incoming after
poisoning and defanging. We notify inside senders (outgoing filter), but
not outside ones (incoming filter).
I >want< to know something bad has happened right when it happens, not
after the boss calls and what-the-heck's me, so the filters are set to
notify me. I can stop a storm if one happens, and part of the benefit of
the filtering is to limit the chances of a storm in the first place.
Karl Dunn (KLD13)
VMIC
12090 South Memorial Parkway
Huntsville AL USA 35803
VOICE: (256) 382-8211 or (800) 322-3616
FAX: (256) 650-5472 or (256) 882-0859
On Tue, 14 Aug 2001, Lee Howard wrote:
> ...
> Just wait until one of your users gets hit with a mail worm, and they send
> out 1,000 emails at once with the worm attached, and then your system
> decides to send notifications to you and the sender.
More information about the esd-l
mailing list