From owner-freebsd-security Thu Jun 21 8:32:11 2001
Date: Thu, 21 Jun 2001 18:08:35 +0300
From: Giorgos Keramidas
To: faSty
Cc: "Bruce M. Walker", freebsd-security@FreeBSD.ORG
Subject: Re: need help filter this stupid virus. Sendmail didnt stop this.
Message-ID: <20010621180835.A11041@hades.hell.gr>
References: <20010620194713.A18467@ns1.via-net-works.net.ar> <200106202329.f5KNTPm07958@fusion.borderware.com> <20010620165335.C20771@i-sphere.com>
In-Reply-To: <20010620165335.C20771@i-sphere.com>; from fasty@i-sphere.com on Wed, Jun 20, 2001 at 04:53:35PM -0700
X-PGP-Fingerprint: 3A 75 52 EB F1 58 56 0D - C5 B8 21 B6 1B 5E 4A C2
X-URL: http://students.ceid.upatras.gr/~keramida/index.html

On Wed, Jun 20, 2001 at 04:53:35PM -0700, faSty wrote:
> I did use "From:hahaha@sexyfun.net" and it still fails to reject it.
>
> -trev

Instead of tweaking your sendmail rules, which is somewhat error prone
(unless you really know what you are doing), you could install procmail
and use that as the local delivery agent.
Then, a simple filter like:

    :0 H
    * From[: ].*hahaha@.*sex.*$
    /dev/null

put in the proper place (your /usr/local/etc/procmailrc) will filter
out all mail that has either an envelope-from or a header-from address
that matches your rules.

The only problem I can see with this is that you might soon end up with
a huge /usr/local/etc/procmailrc file, instead of a nicer
/etc/mail/access file that blocks spammers.

If you do want to use /etc/mail/access then you should probably do the
extra work it takes to find, from the mail headers, where the mail
comes from. Then block the mail that comes from that host or domain or
provider and contact the provider's mail admins, informing them that you
have blocked the entire domain because spammers use it to abuse your
mail system. A nicely put and carefully worded telephone call, where
you take care not to offend the mail admins themselves, will do
wonders... trust me.

-giorgos
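
Added example, not part of the original message: a Python approximation of how a procmail ":0 H" condition scans the header (header only, folded lines joined, case-insensitive, unanchored unless the pattern says otherwise), run over constructed sample messages. It checks the condition from the recipe above and an anchored variant that is an assumption of this example; procmail's own matcher is not invoked.

```python
import re

# Condition from the recipe in the message above.
RECIPE = r"From[: ].*hahaha@.*sex.*$"
# Anchored variant: an assumption of this example, not from the thread.
ANCHORED = r"^From[: ].*hahaha@sexyfun\.net"

ENV = " Thu Jun 21 08:00:00 2001\n"  # tail of a constructed mbox "From " line

# Constructed sample messages (envelope line, headers, blank line, body).
SAMPLES = {
    "envelope": "From hahaha@sexyfun.net" + ENV
                + "From: someone@example.net\nSubject: test\n\nhi\n",
    "header_folded": "From relay@example.net" + ENV
                + 'From: "Hahaha"\n\t<hahaha@sexyfun.net>\nSubject: test\n\nhi\n',
    "body_only": "From alice@example.org" + ENV
                + "From: alice@example.org\nSubject: filter question\n\n"
                + "Should I block From: hahaha@sexyfun.net?\n",
    "resent": "From bob@example.org" + ENV
                + "From: bob@example.org\n"
                + "Resent-From: hahaha@lists.essex.example\nSubject: minutes\n\nhi\n",
}

def header_of(raw):
    """Return the header block with folded continuation lines joined."""
    head = raw.split("\n\n", 1)[0]          # the H flag looks at the header only
    return re.sub(r"\n[ \t]+", " ", head)   # unfold "\n<whitespace>" continuations

def matches(pattern, raw):
    """Approximate a ':0 H' condition: case-insensitive, ^ and $ per line."""
    return re.search(pattern, header_of(raw), re.I | re.M) is not None

def verdicts(pattern):
    """Map each constructed sample name to whether the condition fires."""
    return {name: matches(pattern, raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for label, pattern in (("recipe", RECIPE), ("anchored", ANCHORED)):
        print(label, verdicts(pattern))
```

The "resent" sample shows the unanchored condition also firing on a Resent-From: header of unrelated mail, which matters because delivery to /dev/null cannot be undone. Pointing the recipe at a quarantine mailbox while testing keeps such mail recoverable.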