From owner-freebsd-security Wed Dec 5 21:42:30 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.hq.newdream.net (mail.hq.newdream.net [216.246.35.10]) by hub.freebsd.org (Postfix) with ESMTP id A153E37B417 for ; Wed, 5 Dec 2001 21:42:26 -0800 (PST)
Received: from zugzug.hq.newdream.net (zugzug.hq.newdream.net [127.0.0.1]) by ravscan.zugzug.hq.newdream.net (Postfix) with SMTP id 7D5FF3B397 for ; Wed, 5 Dec 2001 21:42:26 -0800 (PST)
Received: by mail.hq.newdream.net (Postfix, from userid 1012) id 52C1D3B396; Wed, 5 Dec 2001 21:42:26 -0800 (PST)
Date: Wed, 5 Dec 2001 21:42:26 -0800
From: Owner of many system processes
To: freebsd-security@FreeBSD.ORG
Subject: Re: (WOT) Re: the best edited picture ever
Message-ID: <20011206054226.GA20863@hq.newdream.net>
Mail-Followup-To: freebsd-security@FreeBSD.ORG
References: <20011206044206.GD12011@hq.newdream.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
User-Agent: Mutt/1.3.24i
Organization: New Dream Network
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Ian Smith wrote:
>
> [on topic? I'd actually like to know what can be done with majordomo
> to accomplish it; we're having just this problem with a list run from
> here]

well it looks like hub.freebsd.org is running postfix according to the
smtp banner, so assuming no one at freebsd wants to receive this type of
thing, it would be pretty trivial to block most (but not all) of this
type of stuff with regex checks. this has the advantage of getting rid
of this junk as early as possible.

assuming pcre body_checks, something like this might work (this is just
from the postfix-users list; i haven't tested it personally, but
something like this should work). something similar could be done if
POSIX regexes are used instead....
(sorry for the long line)

/^(Content-Disposition: attachment;.*| Content-Type:.*|(\t|)+)(file)?name="?.*\.(lnk|hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|dll)"?$/ REJECT

however this would apply to all mail coming into the server...
(although god knows why anyone at freebsd.org would want to receive this
type of attachment, especially not zipped or tarred/gzipped).

obviously this would be up to whoever admins the freebsd mail servers...
i haven't used majordomo, so i'm not sure how to do this specifically
with that software.

> I don't agree that these lists need the large overhead of moderation,
> if a (hopefully) simple technical fix can drastically reduce the
> volume of this crap in any and all freebsd lists - including stripping
> HTML mail.

hopefully so. who is 'officially' in charge of this list? perhaps they
could let us know if anything can be done regarding this?

--
William Yardley
System Administrator, Newdream Network
william@hq.newdream.net
http://infinitejazz.net/will/pgp/gpg.asc

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
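
A dry run of the table entry quoted in the message above, as an added example that is not part of the original message or of Postfix: it applies the pattern exactly as printed on this page to constructed sample lines, so coverage and false positives can be checked before REJECT goes live. Python's re module stands in for PCRE (an assumption that holds for this pattern's syntax); the helper names and sample lines are made up for illustration.

```python
import re

# Table entry copied verbatim from the message on this page.
TABLE_LINE = r'''/^(Content-Disposition: attachment;.*| Content-Type:.*|(\t|)+)(file)?name="?.*\.(lnk|hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|dll)"?$/ REJECT'''

# Constructed sample lines (not taken from real mail).
SAMPLE_LINES = [
    'Content-Disposition: attachment; filename="picture.jpg.pif"',
    'Content-Disposition: attachment; filename="SETUP.EXE"',
    '\tname="report.exe"',        # folded header continuation line
    'Content-Type: application/octet-stream; name="setup.exe"',
    'Content-Disposition: attachment; filename="notes.txt"',
    'Content-Disposition: attachment; filename="src.tar.gz"',
    'name="www.example.com"',     # ordinary body text, no attachment
]

def parse_entry(line):
    """Split a '/pattern/flags ACTION' table line into (regex, action)."""
    m = re.match(r'^/(.*)/([A-Za-z]*)\s+(.+)$', line.strip())
    if m is None:
        raise ValueError("not a /pattern/flags action entry")
    pattern, flags, action = m.groups()
    # Postfix pcre tables are case-insensitive by default; 'i' toggles that.
    re_flags = 0 if "i" in flags else re.IGNORECASE
    return re.compile(pattern, re_flags), action

def check_line(entry, text):
    """Return the entry's action if the line matches, otherwise None."""
    regex, action = entry
    return action if regex.search(text) else None

def dry_run(lines, table_line=TABLE_LINE):
    """Evaluate each line on its own, the way body_checks sees the message."""
    entry = parse_entry(table_line)
    return [(text, check_line(entry, text)) for text in lines]

if __name__ == "__main__":
    for text, action in dry_run(SAMPLE_LINES):
        print(f"{action or 'pass':6}  {text!r}")
```

On a host with Postfix installed, `postmap -q "line" pcre:/path/to/table` runs the same check against the real matcher.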