Date: Wed, 20 Jun 2001 16:53:35 -0700
From: faSty
To: "Bruce M. Walker"
Cc: freebsd-security@freebsd.org
Subject: Re: need help filter this stupid virus. Sendmail didnt stop this.
Message-ID: <20010620165335.C20771@i-sphere.com>

I did use "From:hahaha@sexyfun.net" and it still fails to reject it.

-trev

On Wed, Jun 20, 2001 at 07:29:25PM -0400, Bruce M. Walker wrote:
> Fernando P . Schapachnik wrote:
> > [somebody previously wrote...]
> > >
> > > You don't need the from. For example, try this:
>
> Actually, you *do*. See below...
>
> > > [emechler@lucifer ~]$ cat /etc/mail/access
> > > hahaha@sexyfun.net REJECT
> >
> > It won't work, as the virus uses hahaha@sexyfun.net INSIDE the
> > message itself and sendmail checks the From field from the envelope,
> > which in this case is probably <> (empty).
>
> That's correct.
>
> However, new sendmails can specify header checks. For example, if you
> are running FreeBSD 4.3 read /usr/share/sendmail/cf/README and check
> around line 1859.
>
> This syntax is supposed to match mail-header From: (or To:) lines...
>
>   From:spammer@some.dom REJECT
>   To:friend.domain RELAY
>
>
> Don't forget to hash the map file after editing /etc/mail/access !
> You should be able to simply say "make" in that folder. Or,
>
>   makemap hash /etc/mail/access < /etc/mail/access
>
>
> > I was about to report it as a bug to sendmail a few days ago, but
> > then I thought there might be some option to change that behavior or
> > some valid reason for sendmail to accept an empty mail from:
>
> There are two very compelling reasons to accept empty envelope-from:
>
> 1. mailers send bounce and other internally-created error messages
>    with an empty envelope-from. If you don't accept them, you
>    will confuse users who will not see bounces.
>
> 2. the RFCs say so. See RFC2821 (and RFC821).
>
>
> Cheers!
>
> -bmw
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
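
The envelope-versus-header distinction discussed in this thread, as an added Python example that is not part of the original messages and is not sendmail's code. The sample message, the recipient address and all function names are constructed; the model treats both untagged and From:-tagged access-map keys as envelope-sender lookups, which is how cf/README defines the From: tag.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: what a receiving MTA sees for a message like the one
# in the thread (null envelope sender, address present only in the header).
ENVELOPE_SENDER = "<>"  # SMTP "MAIL FROM:<>"
RAW_MESSAGE = """\
From: Hahaha <hahaha@sexyfun.net>
To: user@example.org
Subject: constructed sample

body
"""

# Constructed access-map entries in the two forms tried in the thread.
ACCESS_MAP = {
    "hahaha@sexyfun.net": "REJECT",
    "From:hahaha@sexyfun.net": "REJECT",
}


def envelope_lookup(access, mail_from):
    """Access-map style check: keyed on the SMTP envelope sender only."""
    addr = mail_from.strip("<>").lower()
    if not addr:
        return "OK"  # model: a null sender has no address to match
    return access.get("From:" + addr) or access.get(addr) or "OK"


def header_lookup(blocked, raw):
    """Header check: parse the message's own From: header and match on it."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    return "REJECT" if addr.lower() in blocked else "OK"


def evaluate(access, mail_from, raw):
    """Run both checks so the difference in what each one sees is visible."""
    blocked = {k.split(":", 1)[-1].lower()
               for k, v in access.items() if v == "REJECT"}
    return {"envelope": envelope_lookup(access, mail_from),
            "header": header_lookup(blocked, raw)}


if __name__ == "__main__":
    print(evaluate(ACCESS_MAP, ENVELOPE_SENDER, RAW_MESSAGE))
```

Only the header check flags the sample; the envelope lookup matches the same entries once the address appears in MAIL FROM.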