Re: [Mimedefang] file extension regex bug

2004-02-13 Thread Steffen Kaiser
On Thu, 12 Feb 2004, David F. Skoll wrote: That was not a bug. It was an attempt to guard against malformed MIME like this: Content-Type: appliaction/octet-stream; name=foobar.exe .txt vs. Content-Type: appliaction/octet-stream; name=foobar.txt .exe However, the old behavior was so

[Mimedefang] OT: a hole in Sophos

2004-02-13 Thread Andrzej Marecki
I'm using MD+SA+Sophie+Sophos (SAVI libs + .ide). Do you think that what has been written in: http://www.securitynewsportal.com/cgi-bin/securitynews.cgi?database=JanDDid=74 ...means my system is vulnerable to attacks via that hole? AM --

RE: [Mimedefang] greylisting implementation

2004-02-13 Thread Steven Rocha
I have modified Jonas' code to work on my Redhat servers if anyone is interested. I had to make minor changes to the database locking mechanism. Let me know and I will post the code. Steven Rocha -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jonas

Re: [Mimedefang] file extension regex bug

2004-02-13 Thread David F. Skoll
On Fri, 13 Feb 2004, Steffen Kaiser wrote: Would it be possible to parse and re-create MIME sub headers, in order to place, at least, double quotes around the name? action_rebuild() does that. But because of limitations in Milter, it will only change internal MIME headers, not the main

RE: [Mimedefang] ClamAV and related issues running under MD. was: Re: Mimedefangtimeout

2004-02-13 Thread David F. Skoll
On Fri, 13 Feb 2004, Rob wrote: However it would be nice if MD didn't make any assumptions about the capability of any virus scanner and did the same as AMAVIS does - extract and decode the email so that the virus scanner software has as little to do as possible. MIMEDefang does exactly

Re: [Mimedefang] memory leak?

2004-02-13 Thread Ron Peterson
On Thu, 12 Feb 2004, Kevin A. McGrail wrote: Yesterday 50K. (grep 'stat=Sent' /var/log/syslog.01 | wc). More actually come in, of course.. I would need a total volume to comment. You have to limit your sendmail process. Figure that otherwise a DoS could take down your box. 200

[Mimedefang] Aggressive mailers

2004-02-13 Thread Jonas Eckerman
Hello! I've been thinking about getting my filter to blacklist (for a month or so) mailers that can't take no for an answer, but yesterday something happened that made me wanna check with others first. Yesterday a mailer went amok when trying to get a mail through to our server. It was

RE: [Mimedefang] greylisting implementation

2004-02-13 Thread Steven Rocha
All, I have attached a modified version of our mimedefang-filter. Modifications to filter: 1. Added Greylisting 2. Added stream by domain 3. Added clamd virus scanning, dropping specific worm viruses 4. Added filtering of specific filenames 5. Added SALocalTestsOnly for SA rbl checks 6.

Re: [Mimedefang] Aggressive mailers

2004-02-13 Thread Jon R. Kibler
Jonas Eckerman wrote: Hello! I've been thinking about getting my filter to blacklist (for a month or so) mailers that can't take no for an answer, but yesterday something happened that made me wanna check with others first. For exactly the reason below, you don't want to do that!

Re: [Mimedefang] memory leak? is it an IBM x-series?

2004-02-13 Thread Ron Peterson
On Fri, 13 Feb 2004 [EMAIL PROTECTED] wrote: We had similar problems with an IBM x345 server -- we tried many things eventually updating to 2.4.23-pre7 and up fixed it. I updated the tg3 driver and stability improved a bit, I updated the ibm ServeRaid driver (ips module) level to 610 and

Re: [Mimedefang] Aggressive mailers

2004-02-13 Thread David F. Skoll
On Fri, 13 Feb 2004, Jon R. Kibler wrote: Yesterday a mailer went amok when trying to get a mail through to our server. It was tempfailed by the greylist as it should, but instead of waiting for a while before trying again it retried 886 times in 10 minutes (after which it was let through by

RE: [Mimedefang] Aggressive mailers

2004-02-13 Thread Cormack, Ken
Geeze, and I once thought I was being overly aggressive when I reduced my vendor's sendmail default retry value from 1 hour to 5 minutes. LOL -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David F. Skoll Sent: Friday, February 13, 2004 12:14 PM To: [EMAIL

RE: [Mimedefang] filter_relay not working?

2004-02-13 Thread Mike Smith
Got it working. My bust. I had the -r in mimedefang-multiplexor, not mimedefang :) What you are trying to accomplish is rather opaque to me. Can you please specify? I have a Secondary MX that will spool up mail in the event the primary goes down. As you know, spammers will often try the

Re: [Mimedefang] OT: a hole in Sophos

2004-02-13 Thread Michael Sofka
On Friday 13 February 2004 04:44, Andrzej Marecki wrote: I'm using MD+SA+Sophie+Sophos (SAVI libs + .ide). Do you think that what has been written in: http://www.securitynewsportal.com/cgi-bin/securitynews.cgi?database=JanDDi d=74 ...means my system is vulnerable to attacks via that hole?

RE: [Mimedefang] ClamAV and related issues running under MD. was: Re: Mimedefangtimeout

2004-02-13 Thread Rob
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David F. Skoll On Fri, 13 Feb 2004, Rob wrote: However it would be nice if MD didn't make any assumptions about the capability of any virus scanner and did the same as AMAVIS does - extract

RE: [Mimedefang] ClamAV and related issues running under MD. was: Re: Mimedefangtimeout

2004-02-13 Thread David F. Skoll
On Fri, 13 Feb 2004, Rob wrote: /var/spool/MIMEDefang/mdefang-i1DKATdg040935/Work/msg-38690-4.txt: OK /var/spool/MIMEDefang/mdefang-i1DKATdg040935/Work/msg-38690-5.zip: OK The ZIP file in question contains 3 files (a .ini, .dll and .txt). No sign of them being extracted. Ah, I

RE: [Mimedefang] ClamAV and related issues running under MD. was: Re: Mimedefangtimeout

2004-02-13 Thread Rob
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David F. Skoll Ah, I misunderstood. MIMEDefang does not extract zip files. Nor do I ever plan on adding that functionality. I have two reasons for taking this position: That's a shame, but

[Mimedefang] delete_recipient does not work for mixed case recipients

2004-02-13 Thread Justin Michael
Hi, I'm still having a problem with mimedefang's delete_recipient not working with a mixed case recipient. sendmail 8.12.10 mimedefang 2.38 Here's my sample spam delivered via telnetting to my host: helo myserver mail from: [EMAIL PROTECTED] rcpt to: [EMAIL PROTECTED] data Date: February 13,

Re: [Mimedefang] file extension regex bug

2004-02-13 Thread Lucas Albers
Thanks for the succinct answer. And I apologize for implying you had a bug and not a feature in your code. :) I will go beat on the downstream maintainers about this. David F. Skoll said: That was not a bug. It was an attempt to guard against malformed MIME like this: However, the old

RE: [Mimedefang] ClamAV and related issues running under MD. was: Re:Mimedefangtimeout

2004-02-13 Thread Lucas Albers
Rob said: /var/spool/MIMEDefang/mdefang-i1DKATdg040935/Work/msg-38690-4.txt: OK /var/spool/MIMEDefang/mdefang-i1DKATdg040935/Work/msg-38690-5.zip: OK The ZIP file in question contains 3 files (a .ini, .dll and .txt). No sign of them being extracted. Perhaps I really am not understanding

[Mimedefang] resolving socket errors

2004-02-13 Thread Lucas Albers
I noticed in some situations you need to pause mimedefang on a restart, to give the socket time to get cleared out. Is there a way to test and see if the socket is correctly formed before starting mimedefang? Eg you have another switch on the restart switch that does not wait an arbitrary amount

Re: [Mimedefang] Problem scanning ZIP archives with CLAMAV

2004-02-13 Thread Nels Lindquist
On 13 Feb 2004 at 10:18, Alain DESEINE wrote: I got a problem using CLAMAV and MIMEDefang when scanning zip files containing viruses ... snip Are you using *_contains_virus_clamd() or *_contains_virus_clamav() functions? The daemonized scanner requires a local socket accessible to the

Re: [Mimedefang] OT: a hole in Sophos

2004-02-13 Thread Mail Administrator
Michael Sofka wrote: On Friday 13 February 2004 04:44, Andrzej Marecki wrote: I'm using MD+SA+Sophie+Sophos (SAVI libs + .ide). Do you think that what has been written in: http://www.securitynewsportal.com/cgi-bin/securitynews.cgi?database=JanDDi d=74 ...means my system is vulnerable to attacks