Virus Scanner Auto-Replies - A Good Thing or Obsolete?

Moryath writes "Used to be, everyone put an auto-responder in their email server's virus scanner. That way, some dingus sends in a virus, you're protected, and they get notified so they scan and fix their system. Of course, all these stupid things ever do is reply to the From: field, and possibly to Abuse@domain, webmaster@domain, etc... as well. Enter viruses like Sobig. We've had them for years in various forms, they spoof the From: field with another email from another victim's contact book, and all of a sudden random people are getting bounces of emails they've never sent. I have actually gotten more bounces today than actual Sobig attachments. So what does the Slashdot crowd think? Is it time for the people running these mail servers to take down those autoresponders? Are they guilty for part of the damage things like SoBig have caused, since their ill-configured mail servers are doubling, tripling, or even quadrupling the amount of traffic one Sobig infection produces?"

Re:HOWTO in exim4?

[cbcbcb]

use SAUCE:http://www.chiark.greenend.org.uk/~ian/sauce /

Re:Even more brains would do it in the MTA

[Lars+T.]

Article in German. Sobig.F filter rules for Sendmail, Postfix and Exim.

Re:Yes and Another Thing...

[mikeswi]

Realistically, regular corporate workstations and home DSL/Cable/Dial-Up users should have no reason to talk directly to a foreign SMTP server in the first place.

That is incorrect. Web site owners often use the mail server associated with their domain(s) to send and receive email. When I send email to a business partner, I would prefer they see it come from my web site's domain, not my ISP's.

If my ISP did this, I would just switch to the alternate port number my web host has set up for just that event. When/if they block that port also, I will ask them if the dubious benefit of blocking that port makes up for the $780 they would have made from my account that year when I choose another ISP.