Date:      Mon, 15 Apr 2002 01:34:50 +0200
From:      Matthias Andree <ma@dt.e-technik.uni-dortmund.de>
To:        freebsd-stable@freebsd.org
Subject:   Re: Antigen Notification:Antigen found VIRUS= HTML\MimeExploit.IFRAME (CA(InoculateIT),CA(Vet)) virus (fwd)
Message-ID:  <m3hemdeua4.fsf@merlin.emma.line.org>
In-Reply-To: <00fc01c1e3fd$6b3a79f0$5f45a8c0@auir.gank.org> ("Craig Boston"'s message of "Sun, 14 Apr 2002 16:43:29 -0500")
References:  <Pine.WNT.4.43.0204150932570.3044-100000@den2> <00fc01c1e3fd$6b3a79f0$5f45a8c0@auir.gank.org>

"Craig Boston" <craig@meoqu.gank.org> writes:

> No, from the headers it looks like tig-msxproto1.tig.mizzou.edu is.  It also
> looks like their antigen server is using an invalid envelope sender (simply
> <antigen> with no domain name).
>
> AFAIK, freebsd.org *DOES* use Postfix, however, and it assumes unqualified
> addresses are local and rewrites them with its own domain name...  So
> <antigen> becomes <antigen@freebsd.org>.  Maybe one of the Postfix gurus can
> come up with a regex match to prevent stuff like this from masquerading as a
> valid address.

No regexp necessary; Postfix can tell remote sites that use unqualified
sender envelopes to go away:

/usr/local/postfix/etc/main.cf:
smtpd_sender_restrictions = ... permit_mynetworks reject_non_fqdn_sender ...

This is valid if and only if the whole network behind hub.freebsd.org is
in the freebsd.org domain. If it is not, some restriction class
configuration should be used; Ralf Hildebrandt has information on this
topic publicly available on the web.


It may also be useful to reject these junk notifications, such as:

/usr/local/postfix/etc/main.cf:
header_checks = regexp:/usr/local/etc/postfix/header_checks

/usr/local/postfix/etc/header_checks:
/^Subject: Antigen Notification:Antigen found VIRUS/   REJECT we don't want to know about your virus troubles

Or filter them with the badwords list or whatever the mailing list
software offers.

-- 
Matthias Andree
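
An added example, not part of the original message or of Postfix: a small Python model for dry-running the two settings above against constructed envelopes before deploying them. The function names and the example.* addresses are hypothetical, and the sender test only approximates reject_non_fqdn_sender (assumption: a sender needs a dotted domain, the null sender is let through).

```python
import re

# header_checks rule quoted verbatim from the message above.
RULE = ("/^Subject: Antigen Notification:Antigen found VIRUS/   "
        "REJECT we don't want to know about your virus troubles")
# Subject of the notification this thread is about (from the page).
NOTIFY = ("Subject: Antigen Notification:Antigen found VIRUS= "
          "HTML\\MimeExploit.IFRAME (CA(InoculateIT),CA(Vet)) virus")

def parse_rule(line):
    """Split '/pattern/ ACTION text' into (compiled regex, action, text)."""
    m = re.match(r"/(.*)/\s+(\S+)\s*(.*)$", line)
    if m is None:
        raise ValueError("not a /pattern/ ACTION line: %r" % line)
    # Postfix regexp: tables match case-insensitively by default.
    return re.compile(m.group(1), re.IGNORECASE), m.group(2), m.group(3)

def sender_is_fqdn(envelope_sender):
    """Approximation of reject_non_fqdn_sender (assumption: dotted domain test)."""
    if envelope_sender == "":
        return True  # null sender "<>" has no domain to check
    local, at, domain = envelope_sender.rpartition("@")
    labels = domain.split(".")
    return bool(local and at) and len(labels) >= 2 and all(labels)

def smtpd_decision(envelope_sender, header_lines, rule=RULE):
    """Envelope check first (MAIL FROM stage), then header_checks on the content."""
    if not sender_is_fqdn(envelope_sender):
        return "REJECT non-FQDN sender"
    pattern, action, text = parse_rule(rule)
    for header in header_lines:
        if pattern.search(header):
            return (action + " " + text).strip()
    return "OK"

if __name__ == "__main__":
    # Constructed sample envelopes; example.* addresses are placeholders.
    samples = [
        ("antigen", [NOTIFY]),                       # unqualified sender
        ("antigen@mail.example.edu", [NOTIFY]),      # qualified, junk subject
        ("user@example.org", ["Subject: Re: " + NOTIFY[9:]]),  # list reply
        ("", ["Subject: Undelivered Mail Returned to Sender"]),  # bounce
    ]
    for sender, headers in samples:
        print("<%s> -> %s" % (sender, smtpd_decision(sender, headers)))
```

Because the pattern is anchored at "^Subject: Antigen", replies whose subject starts with "Re:" are not caught by the header rule, while a notification sent with a fully qualified sender is.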
