From owner-freebsd-security Wed Jun 20 16:50:54 2001 Delivered-To: freebsd-security@freebsd.org Received: from mgateway.borderware.com (mgateway.borderware.com [207.236.65.231]) by hub.freebsd.org (Postfix) with ESMTP id 4508A37B403 for ; Wed, 20 Jun 2001 16:50:52 -0700 (PDT) (envelope-from bmw@borderware.com) From: "Bruce M. Walker" Message-Id: <200106202350.f5KNopS18245@fusion.borderware.com> Subject: Re: need help filter this stupid virus. Sendmail didnt stop this. In-Reply-To: <200106202329.f5KNTPm07958@fusion.borderware.com> from "Bruce M. Walker" at "Jun 20, 2001 07:29:25 pm" To: freebsd-security@FreeBSD.ORG Date: Wed, 20 Jun 2001 19:50:51 -0400 (EDT) X-Mailer: ELM [version 2.4ME+ PL66 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Gah! Bad form to reply to my own msg, but I gave bad advice... Bruce M. Walker wrote: > > This syntax is supposed to match mail-header From: (or To:) lines... > > From:spammer@some.dom REJECT > To:friend.domain RELAY I'm way wrong! That just makes the match *specific* to envelope-from or -to, not internal mail headers. To add header checks in sendmail, see section "Header Checks" in /usr/share/sendmail/cf/README. It would look like this: LOCAL_RULESETS HFrom: $>CheckFrom SCheckFrom R< hahaha @ sexyfun . net > $#error $: 550 No spam. R$* $@ OK (This is untested!) That's why most people are using Procmail to handle these cases. Here's a hint: install Postfix in place of sendmail. You'll find the header-checks capability is extensive. Stopping this virus is pretty trivial. -bmw To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message