From owner-freebsd-security Thu Jun 21 6:31:29 2001 Delivered-To: freebsd-security@freebsd.org Received: from virtual-voodoo.com (virtual-voodoo.com [204.120.165.254]) by hub.freebsd.org (Postfix) with ESMTP id 8A77F37B401 for ; Thu, 21 Jun 2001 06:31:25 -0700 (PDT) (envelope-from steve@virtual-voodoo.com) Received: (from steve@localhost) by virtual-voodoo.com (8.11.4/8.11.3) id f5LDVJm52425; Thu, 21 Jun 2001 08:31:19 -0500 (EST) (envelope-from steve) Date: Thu, 21 Jun 2001 08:31:19 -0500 From: Steve Ames To: "Bruce M. Walker" Cc: freebsd-security@FreeBSD.ORG Subject: Re: need help filter this stupid virus. Sendmail didnt stop this. Message-ID: <20010621083119.A73302@virtual-voodoo.com> References: <200106202329.f5KNTPm07958@fusion.borderware.com> <200106202350.f5KNopS18245@fusion.borderware.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200106202350.f5KNopS18245@fusion.borderware.com>; from bmw@borderware.com on Wed, Jun 20, 2001 at 07:50:51PM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org http://www.sendmail.net/lovefix.shtml http://www.sendmail.net/lovemorph.shtml On Wed, Jun 20, 2001 at 07:50:51PM -0400, Bruce M. Walker wrote: > Gah! Bad form to reply to my own msg, but I gave bad advice... > > Bruce M. Walker wrote: > > > > This syntax is supposed to match mail-header From: (or To:) lines... > > > > From:spammer@some.dom REJECT > > To:friend.domain RELAY > > I'm way wrong! That just makes the match *specific* to envelope-from > or -to, not internal mail headers. > > > To add header checks in sendmail, see section "Header Checks" in > /usr/share/sendmail/cf/README. It would look like this: > > LOCAL_RULESETS > HFrom: $>CheckFrom > > SCheckFrom > R< hahaha @ sexyfun . net > $#error $: 550 No spam. > R$* $@ OK > > (This is untested!) > > That's why most people are using Procmail to handle these cases. > > Here's a hint: install Postfix in place of sendmail. You'll find > the header-checks capability is extensive. Stopping this virus is > pretty trivial. > > -bmw > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message