Re: [Mimedefang] message/partial
Carlton Thomas wrote: We advise our clients to send multi-part messages to overcome the 10 meg limit we impose on a single message. We understand that this can allow viruses to slip through our defences, but we had to impose a limit and we had to find some way of allowing messages larger than that limit to be sent. Huh. Yeah, the problem sounds familiar. Long time ago, users would upload 100kb file on FTP server and send email where the file is. Today, users would click attach icon and select 1GB file without thinking twice. It's like going to Rona or Home Depot web site, buying everything you need to build new house online (from concrete for foundations to roof shingles), and selecting FedEx or UPS as shipping method. They'll do the job, but they are far from optimal. Just as the E-mail servers and clients will do the job of transferring 1GB file, but they are far from optimal solution for transferring the file of such size. One possible solution to handle viruses in these types of messages is to create a mimedefang filter which recognises the first part of a multipart message and impose a minimum size limit on that part. This is consistent with the assumption that most messages which contain viruses tend to be small. Mimedefang currently allows the admin to make that assumption and to only scan messages below a certain size. Would this be a suitable compromise, and is it possible to implement it using in a mimedefang filter? If you are willing to live with the risks, yes it is possible. -- Aleksandar Milivojevic [EMAIL PROTECTED]Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7 ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Rejecting mail during SMTP transmission?
Dan Ferreira wrote: Hi all, I was wondering if this has been considered or done before: an SMTP server configured to receive email data, perform the required checks on it, and NOT send an OK reply to the DATA command if the email is to be rejected. This is exactly what action_bounce() does. So this behaviour would be somewhat against RFC guidelines, but I'd like you to consider what I think are major benefits to this kind of preemptive rejection. No. RFC says that you should either accept or reject. It only says you can't partially reject (which is impossible to do on SMTP level anyhow). When you reject, you can reject temporary (telling other side you currently have some problems, so it should retry) or permanently (telling other side it isn't going to happen). -- Aleksandar Milivojevic [EMAIL PROTECTED]Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7 ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Re: Lycos Screen saver that attacks Spammers, Ah more off topic...
From: Randy Hammock [EMAIL PROTECTED] Subject: Re: [Mimedefang] Re: Lycos Screen saver that attacks Spammers, Ahmore off topic... Lycos Screen Saver / Legal Zombies? Just wait until someone figures out how to hack all those Lycos zombies out there to perform DDoS's. What makes one zombie legal and another illegal? Legal = Volunteerily downloaded with full understanding of circumstances and consequences, and no packet spoofing or RFC violations. Illegal = Covertly installed allowing remote control of a system, modifying of packets to hide source IP address, ignoring RFC rules to cause a denial of service through exhaustion of resource (SYN flood, exhausting sessions), attempting active exploits against sources to gain unauthorized access, spreading itself in a virus like manner, etc... How is their screensaver any different than running a local Google server, (other than the fact the requests are much more targetted) or having the site Slashdotted? (which BTW, all the targets have been) Heck it was even nice of them to build in traffic throttling, although I for one am curious to know how that worked seeing as the clients don't know about each other... hmm... Now, while they supposedly built their screensaver to play nice so as to avoid criminal prosecution, it doesn't keep them from being sued on a civil basis. And according to one of the sites they marked for death, I think they'll be seeing some Cease and Desist letters here shortly. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] mimedfang processes not dying
Hi all, I'm seeing a strange behavior in mimedefang, I can kill mimedefan-multiplexor but cannot kill mimedefang itself, other then sending it a kill -9, running linux kernel 2.4.26 with procps 3.2.1, mimedefang compiled using gcc 3.3.3 with glibc 2.3.3, here are the details: Using the init script from the EXAMPLES directory I started mimedefang, it launced mimedefang-multiplexor along with 3 mimedefangs: # /etc/rc.d/init.d/mimedefang start Starting mimedefang-multiplexor: [ OK ] Starting mimedefang: [ OK ] # ps -ef | grep mime defang1943 1 0 11:40 ?00:00:00 /usr/bin/mimedefang-multiplexor -p /var/spool/MIMEDefang/mimedefang-multiplexor.pid -m 2 -x 10 -U defang -b 600 -l -s /var/spool/MIMEDefang/mimedefang-multiplexor.sock defang1956 1 0 11:40 ?00:00:00 /usr/bin/mimedefang -P /var/spool/MIMEDefang/mimedefang.pid -m /var/spool/MIMEDefang/mimedefang-multiplexor.sock -U defang -p /var/spool/MIMEDefang/mimedefang.sock defang1957 1956 0 11:40 ?00:00:00 /usr/bin/mimedefang -P /var/spool/MIMEDefang/mimedefang.pid -m /var/spool/MIMEDefang/mimedefang-multiplexor.sock -U defang -p /var/spool/MIMEDefang/mimedefang.sock defang1958 1957 0 11:40 ?00:00:00 /usr/bin/mimedefang -P /var/spool/MIMEDefang/mimedefang.pid -m /var/spool/MIMEDefang/mimedefang-multiplexor.sock -U defang -p /var/spool/MIMEDefang/mimedefang.sock So there is the mimedefang-multiplexor and 3 mimedefang processes running, the multiplexor has process id 1943, and the 3 mimedfangs have 1956, 1957, 1958 as their process ids, looking into /var/spool/MIMEDefang/ for the .pid files I see: # cat mimedefang-multiplexor.pid 1943 # cat mimedfang.pid 1956 Process ids 1957 and 1958 are missing from mimedefang.pid file - so when I try to stop mimedefang I get: # /etc/rc.d/init.d/mimedefang stop Shutting down mimedefang: [ OK ] Shutting down mimedefang-multiplexor: [ OK ] The mimedefang-multiplexor is gone, but the 3 mimedefang processes are still there, and the .pid files are gone. # ps -ef |grep mime defang1956 1 0 11:40 ?00:00:00 /usr/bin/mimedefang -P /var/spool/MIMEDefang/mimedefang.pid -m /var/spool/MIMEDefang/mimedefang-multiplexor.sock -U defang -p /var/spool/MIMEDefang/mimedefang.sock defang1957 1956 0 11:40 ?00:00:00 /usr/bin/mimedefang -P /var/spool/MIMEDefang/mimedefang.pid -m /var/spool/MIMEDefang/mimedefang-multiplexor.sock -U defang -p /var/spool/MIMEDefang/mimedefang.sock defang1958 1957 0 11:40 ?00:00:00 /usr/bin/mimedefang -P /var/spool/MIMEDefang/mimedefang.pid -m /var/spool/MIMEDefang/mimedefang-multiplexor.sock -U defang -p /var/spool/MIMEDefang/mimedefang.sock When doing a kill the process does not die. Only a kill -9 kills mimedefang. I'm running linux kernel 2.4.26 with procps 3.2.1, I compiled mimedefang using gcc 3.3.3 with glibc 2.3.3, the configure line is simply: ./configure --prefix=/usr make make install Running strace on its I just see the following: select(7, [6], NULL, [6], {5, 5}= 0 (Timeout) select(7, [6], NULL, [6], {5, 0} = 0 (Timeout) select(7, [6], NULL, [6], {5, 0} = 0 (Timeout) select(7, [6], NULL, [6], {5, 0} = 0 (Timeout) Nothing gets reported when I try to kill the process, it just continues to print select. What could be wrong? ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang