Date: Thu, 21 Jun 2001 14:11:39 -0700 From: faSty <fasty@i-sphere.com> To: J Bacher <jb@jbacher.com> Cc: freebsd-security@freebsd.org Subject: Re: need help filter this stupid virus. Sendmail didnt stop this. Message-ID: <20010621141139.N31428@i-sphere.com> In-Reply-To: <4.2.2.20010621153545.01b4e6f8@mail.jbacher.com>; from jb@jbacher.com on Thu, Jun 21, 2001 at 03:39:38PM -0500 References: <20010621180835.A11041@hades.hell.gr> <20010620194713.A18467@ns1.via-net-works.net.ar> <200106202329.f5KNTPm07958@fusion.borderware.com> <20010620165335.C20771@i-sphere.com> <20010621180835.A11041@hades.hell.gr> <20010621130840.I31428@i-sphere.com> <4.2.2.20010621153545.01b4e6f8@mail.jbacher.com>
next in thread | previous in thread | raw e-mail | index | archive | help
It worked reject the hahaha@sexyfun.net with this small code.
many thanks!
-trev
On Thu, Jun 21, 2001 at 03:39:38PM -0500, J Bacher wrote:
> At 01:08 PM 6/21/2001 -0700, you wrote:
> >Yes, I still using /etc/mail/access, seems not work at all, and I will try
> >it out with procmail filter today.
>
> If you are using Sendmail, append this to the very end of your
> sendmail.cf. It will block the hahaha virus.
>
>
>
> ######################################################################
> #
> # Added to Block the Viruses
> #
> ######################################################################
>
> # The format for the rule is
> #
> # RExactly the thing you want to quote
> # You just need enough of a pattern to match.
> # Instructional note: Follow these instructions exactly
> # The format for the rule is
> #
> # RExactly the thing you want to quote
> #
> # No quote marks, no tabs, absolutely nothing in
> # parentheses (like this, they're considered comments
> # and will be removed before they get to the rules).
> # After the exact thing, then a tab, and the $#error.
> # Note, the $* matches anything, so it's useful for
> # wildcarding. This also scans all messages with
> # Subject: headers and invokes a rule, so there is
> # a performance hit.
>
>
> HSubject: $>Check_Subject
> D{MPat1}Snowhite and the Seven Dwarfs - The REAL story!
> D{MMsg1}This message may contain the Snow White virus.
> SCheck_Subject
> R${MPat1} $* $#error $: 550 ${MMsg1}
> RRe: ${MPat1} $* $#error $: 550 ${MMsg1}
>
>
>
>
>
> >On Thu, Jun 21, 2001 at 06:08:35PM +0300, Giorgos Keramidas wrote:
> > > On Wed, Jun 20, 2001 at 04:53:35PM -0700, faSty wrote:
> > >
> > > > I did used "From:hahaha@sexyfun.net" and still fails reject it.
> > > >
> > > > -trev
> > >
> > > Instead of tweaking your sendmail rules, which is somewhat error prone
> > > (unless you reallyknow what you are doing), you could install procmail
> > > and use that as the local delivery agent. Then, a simple filter like:
> > >
> > > :0 H
> > > * From[: ].*hahaha@.*sex.*$
> > > /dev/null
> > >
> > > put in the proper place (your /usr/local/etc/procmailrc) will filter
> > > out all mail that have either an envelope-from or a header-from
> > > address that matches your rules.
> > >
> > > The only problem I can see with this is that you might soon end
> > > up with a huge /usr/local/etc/procmailrc file, instead of a nicer
> > > /etc/mail/access file that blocks spammers.
> > >
> > > If you do want to use /etc/mail/access then you should probably do the
> > > extra works it takes to find from the mail headers, where the mail
> > > comes from.
> > >
> > > Then block the mail that comes from that host or domain or provider
> > > and contact the provider's mail admins informing them that you have
> > > blocked the entire domain because spammers use it to abuse your mail
> > > system. A nicely put and carefully worded telephone call, where you
> > > take care not to offend the mail admins themselves, will do wonders..
> > > trust me.
> > >
> > > -giorgos
> > >
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-security" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010621141139.N31428>