From owner-freebsd-security Wed Jun 20 23:38: 0 2001 Delivered-To: freebsd-security@freebsd.org Received: from internethelp.ru (wh.internethelp.ru [212.113.112.145]) by hub.freebsd.org (Postfix) with ESMTP id 7D88037B403 for ; Wed, 20 Jun 2001 23:37:53 -0700 (PDT) (envelope-from nkritsky@internethelp.ru) Received: from ibmka (ibmka.internethelp.ru. [192.168.0.6]) by internethelp.ru (8.9.3/8.9.3) with SMTP id KAA96243; Thu, 21 Jun 2001 10:37:38 +0400 (MSD) Message-ID: <008c01c0fa1c$a92f94f0$0600a8c0@ibmka.internethelp.ru> From: "Nickolay A. Kritsky" To: "faSty" , Subject: Re: need help filter this stupid virus. Sendmail didnt stop this. Date: Thu, 21 Jun 2001 10:37:34 +0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----Original Message----- From: faSty To: freebsd-security@FreeBSD.ORG Date: 21 èþíÿ 2001 ã. 2:14 Subject: need help filter this stupid virus. Sendmail didnt stop this. >Hi there, > > I need help, I tried filter on Sendmail to reject or discard when it >match "From:hahaha@sexyfun.net" seem not success stop these stupid virus email >and it kept coming back repeat like every 2 or 3 days. > >Here the full email header. >-- end snip -- > >I searched www.google.com (search engine) find the solution for the FreeBSD >sendmail's filter on hahaha@sexyfun.net. I found most talk about procmail >but i looked the FreeBSD sendmail isnt run by procmail based. I have met such problems recently and tried to use procmail. It is not installed by default, so you should go to /usr/ports/mail/procmail and "make" it. AFAIK default sendmail.cf file uses mail(1) and mail.local(8) to bring mail to end-user. Thus you have to change your sendmail.cf file directly (vi /etc/sendmail.cf) or using m4. I am not so familiar with .cf file fromat, so I used the second way. I changed my main .mc site as follows: #diff mysite.procmail.mc mysite.local.mc 17c17 < MAILER(procmail)dnl --- > MAILER(local)dnl 21c21 < FEATURE(local_procmail)dnl --- > FEATURE(local_lmtp)dnl Then I created my own /etc/procmailrc file using guidelines from http://www.impsec.org/email-tools/procmail-security.html - I think you should read this document about email security. Everything seems to work, but I strongly recommend you to start changing default settings ASAP. I will not go deeply in installation process, because it is not the subject of this thread, but if you are interested in using procmail as "email-fierewall" on FreeBSD, you can always contact me by e-mail. Hope my post has helped you. Good Luck! NKritsky - SysAdmin InternetHelp.Ru http://www.internethelp.ru e-mail: nkritsky@internethelp.ru > >HELP! > >-trev > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message