From owner-freebsd-questions Mon Jul 23 1:14:34 2001
Delivered-To: freebsd-questions@freebsd.org
From: "Ted Mittelstaedt"
To: "Thierry Black"
Subject: RE: SirCam virus
Date: Mon, 23 Jul 2001 01:14:22 -0700
Message-ID: <002701c1134f$7aa71940$1401a8c0@tedm.placo.com>

cyrus is not relevant to this discussion.  You're not replacing it,
you're replacing the local delivery program.  cyrus gets the message
well after the local delivery program (ie: procmail) has finished
with it.

The way it works now is that the message comes in, is accepted by
sendmail which passes it to the local delivery program mail.local,
which writes it into /var/mail/username.  cyrus then picks it up from
there when an imap or pop request comes in and delivers it out via
imap or pop.

The way you want it to work is the message comes in, is accepted by
sendmail which passes it to the local delivery program procmail,
which filters it for spam and for this virus, then writes it into
/var/mail/username.
cyrus then picks it up from there when an imap or pop request comes in
and delivers it out via imap or pop.

All that feature does that I mention in the article is change the
line in sendmail.cf

Mlocal,  P=/usr/libexec/mail.local, F=lsDFMAw5:/|@qPSXfmnz9P,
         S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,

to a Mlocal line that replaces mail.local with the procmail
invocation.

You want to spend some time reading the procmail mailing list and
documentation for some more detailed answers.  But it's not that hard
and also procmail is the default local delivery program for GNU/Linux
so there's plenty of info out there on it in the Linux mailing list
archives.  (although a lot of Linux people use postfix instead of
sendmail, yech!)

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com

>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Thierry Black
>Sent: Monday, July 23, 2001 12:20 AM
>To: tedm@toybox.placo.com; freebsd-questions@FreeBSD.ORG
>Subject: RE: SirCam virus
>
>
>Hello Ted! Thank you for the reply. I'm sure procmail is the answer now but
>as my original post said, I don't know how to make procmail work with cyrus.
>Your article was really good, but it didn't explain that. Do you know how I
>can make procmail work with sendmail 8.9.3 and cyrus?
>
>thank you
>thierry
>
>
>>From: "Ted Mittelstaedt"
>>To: "Thierry Black" ,
>>
>>Subject: RE: SirCam virus
>>Date: Sun, 22 Jul 2001 23:41:26 -0700
>>MIME-Version: 1.0
>>
>>Actually this virus is an easy one to block. According to the
>>advisory there is always one of the following strings:
>>
>>"Hi! How are you?"
>>
>>"I send you this file in order to have your advice"
>>
>>So all you need to do is replace the local delivery agent with
>>Procmail and write a procmail recipe to filter out messages
>>containing either of those strings.
>>I did a column on this a
>>while ago it's here:
>>
>>http://www.computerbits.com/archive/1998/1000/lan9810.html
>>
>>You really ought to be doing this for your spam filtering anyway.
>>
>>Ted Mittelstaedt
>>tedm@toybox.placo.com
>>Author of: The FreeBSD Corporate Networker's Guide
>>Book website: http://www.freebsd-corp-net-guide.com
>>
>>
>> >-----Original Message-----
>> >From: owner-freebsd-questions@FreeBSD.ORG
>> >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Thierry Black
>> >Sent: Sunday, July 22, 2001 9:32 PM
>> >To: freebsd-questions@FreeBSD.ORG
>> >Subject: SirCam virus
>> >
>> >
>> >Hello again! My server has received copies of this "SirCam" virus notified
>> >at www.symantec.com. We are using sendmail, and cyrus for delivery. How can
>> >I put a rule to block the messages? The subject, sender, attachment name,
>> >and headers are all random (taken from the virus victims email). The only
>> >common things are in the body. The messages start with "Hi! How are you?"
>> >and end with "See you later. Thanks".
>> >
>> >I need to block these messages from being sent to or from our email server.
>> >I have heard of procmail, but I don't know how to use it with sendmail 8.9.3
>> >and cyrus.
>> >
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
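
The recipe described in the thread, as an added example that is not part of the original messages: a procmailrc that files any message whose body contains either of the two quoted SirCam strings into a quarantine mailbox. The rc file location, log path and quarantine mailbox path are assumptions.

```procmail
# Constructed example. Assumed location: the global rc file
# (/etc/procmailrc by default; the path depends on how procmail was built).

# Assumed log path; procmail records each delivery decision here.
LOGFILE=/var/log/procmail.log

# Flags on the recipe below:
#   B   match the conditions against the message body, not the headers
#   :   (trailing colon) take a local lockfile while appending to the mbox
# Conditions are case-insensitive regexes. "?" is escaped because it is a
# regex operator. The two strings are joined with "|" because separate "*"
# condition lines would be ANDed together, and the advisory quoted in the
# thread says only one of them is always present.
# /var/mail/quarantine-sircam is an assumed quarantine mailbox.
:0 B:
* (Hi! How are you\?|I send you this file in order to have your advice)
/var/mail/quarantine-sircam
```

Procmail matches the raw message text, so a body that arrives base64 or quoted-printable encoded will not match these strings. Because "Hi! How are you?" also occurs in ordinary mail, the example files matches in a quarantine mailbox for review instead of discarding them.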