Date: Thu, 21 Jun 2001 15:39:38 -0500 From: J Bacher <jb@jbacher.com> To: faSty <fasty@i-sphere.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: need help filter this stupid virus. Sendmail didnt stop this. Message-ID: <4.2.2.20010621153545.01b4e6f8@mail.jbacher.com> In-Reply-To: <20010621130840.I31428@i-sphere.com> References: <20010621180835.A11041@hades.hell.gr> <20010620194713.A18467@ns1.via-net-works.net.ar> <200106202329.f5KNTPm07958@fusion.borderware.com> <20010620165335.C20771@i-sphere.com> <20010621180835.A11041@hades.hell.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
At 01:08 PM 6/21/2001 -0700, you wrote: >Yes, I still using /etc/mail/access, seems not work at all, and I will try >it out with procmail filter today. If you are using Sendmail, append this to the very end of your sendmail.cf. It will block the hahaha virus. ###################################################################### # # Added to Block the Viruses # ###################################################################### # The format for the rule is # # RExactly the thing you want to quote # You just need enough of a pattern to match. # Instructional note: Follow these instructions exactly # The format for the rule is # # RExactly the thing you want to quote # # No quote marks, no tabs, absolutely nothing in # parentheses (like this, they're considered comments # and will be removed before they get to the rules). # After the exact thing, then a tab, and the $#error. # Note, the $* matches anything, so it's useful for # wildcarding. This also scans all messages with # Subject: headers and invokes a rule, so there is # a performance hit. HSubject: $>Check_Subject D{MPat1}Snowhite and the Seven Dwarfs - The REAL story! D{MMsg1}This message may contain the Snow White virus. SCheck_Subject R${MPat1} $* $#error $: 550 ${MMsg1} RRe: ${MPat1} $* $#error $: 550 ${MMsg1} >On Thu, Jun 21, 2001 at 06:08:35PM +0300, Giorgos Keramidas wrote: > > On Wed, Jun 20, 2001 at 04:53:35PM -0700, faSty wrote: > > > > > I did used "From:hahaha@sexyfun.net" and still fails reject it. > > > > > > -trev > > > > Instead of tweaking your sendmail rules, which is somewhat error prone > > (unless you reallyknow what you are doing), you could install procmail > > and use that as the local delivery agent. Then, a simple filter like: > > > > :0 H > > * From[: ].*hahaha@.*sex.*$ > > /dev/null > > > > put in the proper place (your /usr/local/etc/procmailrc) will filter > > out all mail that have either an envelope-from or a header-from > > address that matches your rules. > > > > The only problem I can see with this is that you might soon end > > up with a huge /usr/local/etc/procmailrc file, instead of a nicer > > /etc/mail/access file that blocks spammers. > > > > If you do want to use /etc/mail/access then you should probably do the > > extra works it takes to find from the mail headers, where the mail > > comes from. > > > > Then block the mail that comes from that host or domain or provider > > and contact the provider's mail admins informing them that you have > > blocked the entire domain because spammers use it to abuse your mail > > system. A nicely put and carefully worded telephone call, where you > > take care not to offend the mail admins themselves, will do wonders.. > > trust me. > > > > -giorgos > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20010621153545.01b4e6f8>