Re: Melissa Virus
On 30 Mar 1999 [EMAIL PROTECTED] wrote: [SNIP] > In that sense, it isn't too different from a Linux user like myself > reading email via Emacs, seeing a uuencoded, gzip'ed executable, > unpacking it, and then running it, without regard for whether that's > safe. (Except, since it isn't just a few clicks away in that > environment, I'd have to read the docs to know how to set that up, > and thus know enough to not take such chances.) [SNIP] That's why after you ungzip a binary in Linux that you got from email, you do a: strings file | more on it. Usually if to contains questionable strings (like '/etc/shadow'), then you know to look out :) -Dustin
Re: qmail-popbull and multiple messages.
Matt Simerson writes: > > I just installed the qmail-popbull patches on a qmail 1.03 install and am > getting duplicate messags, one for every time a user checks their email. > I checked into it and the .timestamp file for their account isn't updting. > I have since worked around the problems like this "rm `ls > /usr/home/*/.timestamp`. I'd rather you fixed the problem rather than working around it. I'm curious what the matter could be. It's working here for me. -- -russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson Crynwr supports Open Source(tm) Software| PGPok | There is good evidence 521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
Re: running qmail-pop3d in RH's /etc/init.d/*
Or, as it's RedHat, use the chkconfig utility after creating your rc script in the /etc/rc.d/init.d directory. It handles the creation of the symlinks, by run level. Saves you a few steps, and if consistently used produces consistent results (unlike my lets-toss-something-together usual level of consistency :-) -Tillman Hodgson "Soffen, Matthew" wrote: > OR What you do is add a single line to the /etc/rc.d/rc.local file. > > > -Original Message- > > From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]] > > Sent: Monday, March 29, 1999 11:36 AM > > To: Greg > > Cc: [EMAIL PROTECTED] > > Subject: Re: running qmail-pop3d in RH's /etc/init.d/* > > > > On Mon, Mar 29, 1999 at 11:27:19PM -1000, Greg wrote: > > > yup, it is there /etc/init.d/ and it is executable, that's > > > what's got me stuffed? > > > i'll check out linuxconf, and it that fails, rc.local's the go... > > > that's how I do things on my "slack" boxes, even a nong! like me, > > > can follow that. > > > > > > > Hey, > > > > Did you figure it out? > > > > You have to simbolically link the files in /etc/rc.d/init.d to > > one of the startup directories. For example, here is how I > > have my qmail startup script done: > > > > [kbo@webmail /]$ ls -l /etc/rc.d/*/*qmail > > -rwxr-xr-x 1 root root 886 Mar 22 12:12 > > /etc/rc.d/init.d/qmail > > lrwxrwxrwx 1 root root 22 Mar 13 12:11 > > /etc/rc.d/rc0.d/K30qmail > > -> /etc/rc.d/init.d/qmail > > lrwxrwxrwx 1 root root 22 Mar 13 12:11 > > /etc/rc.d/rc1.d/K30qmail > > -> /etc/rc.d/init.d/qmail > > lrwxrwxrwx 1 root root 22 Mar 13 12:11 > > /etc/rc.d/rc2.d/K30qmail > > -> /etc/rc.d/init.d/qmail > > lrwxrwxrwx 1 root root 22 Mar 13 12:11 > > /etc/rc.d/rc3.d/S80qmail > > -> /etc/rc.d/init.d/qmail > > lrwxrwxrwx 1 root root 22 Mar 13 12:11 > > /etc/rc.d/rc4.d/K30qmail > > -> /etc/rc.d/init.d/qmail > > lrwxrwxrwx 1 root root 22 Mar 13 12:11 > > /etc/rc.d/rc5.d/K30qmail > > -> /etc/rc.d/init.d/qmail > > lrwxrwxrwx 1 root root 22 Mar 13 12:11 > > /etc/rc.d/rc6.d/K30qmail > > -> /etc/rc.d/init.d/qmail > > > > Ken Jones > > Inter7
Re: Melissa Virus
[EMAIL PROTECTED] writes: > Well, I've been looking into this throughout the day, > and the answer is non-trivial, because you have to separate out > the attachment and decode it (it'll be in base64) first. > Given that I haven't written any C at all in ages, and perl would > not be scalable enough, it's an uphill battle. My maildrop mail filter includes a standalone utility called 'reformime' which, amongst other things, can grab an arbitrary MIME attachment, and decode it. reformime is experimental, it may have a few glitches here and there, but, overall, it works. You will need to call it a couple of times -- first to get the 'MIME layout' of the E-mail message, basically a schematic of which attachments are attached where. Finally, use it again to decode the attachments. This will require you to write a suitable shell or perl wrapper, but the basic tools are there. See http://www.flounder.net/~mrsam/maildrop/ -- Sam
qmail-popbull and multiple messages.
I just installed the qmail-popbull patches on a qmail 1.03 install and am getting duplicate messags, one for every time a user checks their email. I checked into it and the .timestamp file for their account isn't updting. I have since worked around the problems like this "rm `ls /usr/home/*/.timestamp`. Matt `` Matt Simersonhttp://users.michweb.net/~matt MichWeb Inc. - President http://www.michweb.net The Art Farm - Technical Wizard http://www.theartfarm.com Better to dare Mighty Things and fail, than to live in __o a gray twilight where there is neither victory or _-\<,_ defeat. -- attributed to Theodore Roosevelt ..(_)/ (_) ``
Re: Melissa Virus
>[EMAIL PROTECTED] writes: > >> Yup, looks easy enough to change. I don't recognize the language >> (something akin to Basic, perhaps), but could probably reverse-engineer >> enough of it from that code snippet to play with it myself, if I wanted >> to waste time doing that sort of thing. (IMO it's rather pointless, >> since users of Microsoft Word already *have* viruses on their system -- >> W95, W98, Word, Office, etc. :) > >After reading about it in the press, all day, and on the web, I've come to >the conclusion that there's no doubt whatsoever that the goal of the >virus's author was to demonstrate the flawed technical foundation of the >Windows OS. If the author really had malicious intensions in mind, the >damage would've been far, far, greater. Indeed, and thanks to others as well for correcting me. Not long after I sent my email, I saw a remarkably decent little report (for a TV news show) on WJAR Channel 10 (Providence), where their "webmaster" explained that it wasn't just reading/opening the mail *itself* that caused the problem, but doing that and *then* opening the enclosed MS Word document, and that only if something she referred to as "Macros" hadn't been disabled. In that sense, it isn't too different from a Linux user like myself reading email via Emacs, seeing a uuencoded, gzip'ed executable, unpacking it, and then running it, without regard for whether that's safe. (Except, since it isn't just a few clicks away in that environment, I'd have to read the docs to know how to set that up, and thus know enough to not take such chances.) >The only reason something like this hasn't happened sooner is because MS >charges prohibitive fees for technical information that's needed in order >to write applications of this type, and only people who paid hefty sums of >money for subscriptions to MSDN, and various other MS developer programs, >would know enough to cook this up. The media reports I've seen don't tend to focus on the underlying problems of canned user applications defaulting to settings that make it easy for users to invite viruses and trojan horses to walk right in to their systems and do as they please. Instead, they focus on the fairly simple-minded sorts of filtering that has been discussed, and appropriately handwaved as an inappropriate kludge, on this list. Why do I get the impression all this MS software is set up that way so that people can get emails containing things like dancing babies without MS actually having to define a real protocol for animation (for example)? tq vm, (burley)
Re: Melissa Virus
>>since users of Microsoft Word already *have* viruses on their system -- >>W95, W98, Word, Office, etc. :) > >I see the smiley, but just have to point out: they're not viruses, because >they don't replicate themselves. Maybe they'd qualify as trojan horses? (Pretty much all viruses turn their hosts into trojan horses, right?) I was referring to the fact that these products manage to insinuate themselves into standard channels -- like email (SMTP), the web (HTTP), and so on -- in the "embrace and extend" fashion that results in my getting ugly-looking "MIME-encoded" emails, mostly from AOL users, and not being able to access many web sites due to their "viewable only by MSIE and Netscape" status. It's a stretch, of course, but the viral nature of that behavior is that people without the backbone/stubbornness/laziness of someone like me tend to think "well, I've got to get the same software -- I guess that makes sense" and help create more copies of the software. (And, oh, the annoyances of trying to explain to people, who don't realize they've become such conformists, that "why don't you just switch to MS products [so I don't have to learn to properly configure *mine* to play nice with the entire Internet]?" is *not* going to get a positive response from me!) Ah, perhaps I can somehow join in and help out convincing thoughtful people of the joys of properly, and *ethically*, engineered products, like qmail, which are designed to do one thing very well, instead of several things adequately so as to capture an audience. tq vm, (burley)
APOP with qmail
Hello, I was reading through how to use APOP, and is it required that you store plaintext passwords to support APOP? Is there any way I can just add APOP support to my existing setup without having users to edit a .poppasswd file? Robert S. Wojciechowski Jr. [EMAIL PROTECTED]
Re: Melissa Virus
On Mon, Mar 29, 1999 at 05:25:16PM -0700, Brad (Senior Systems Administrator) wrote: > > Anyone see any problem with writing something for qmail that > scans messages for code fragments, and dumps them to > /dev/null?? Well, I've been looking into this throughout the day, and the answer is non-trivial, because you have to separate out the attachment and decode it (it'll be in base64) first. Given that I haven't written any C at all in ages, and perl would not be scalable enough, it's an uphill battle. Also, if you're talking about any code fragments, I don't think that should happen. There are a few strings that are always going to be in macro viruses in order for them to be effective, and the plan is to search for those. -- Erik Nielsen, Cyberhighway Internet Services NOC I'm reminded of the day my daughter came in, looked over my shoulder at some Perl 4 code, and said, "What is that, swearing?" -- Larry Wall in <[EMAIL PROTECTED]>
Re: Melissa Virus
Anyone see any problem with writing something for qmail that scans messages for code fragments, and dumps them to /dev/null?? I agree with Mark.. There are a lot of people who see this as a political thing that _needs_ to be dealt with. Just inserting something, anything, to make the people with the money hand down some respect for our "rapid response" to this "crisis" would be nice. It bothers me that I have seen nothing (aside from a per-user solution) to globally generate a "solution". I personally don't care if this solution is a "perfect" one, but I would like to assist in the development of something on the server end of the aspect, which will help the "situation".. If you know what I mean. I know it is not a flaw with qmail, and I typically go with: if its not broke, don't fix it. But I am the curious one, and would like to know how to do this anyway. Thanks, Brad
Re: Melissa Virus
[EMAIL PROTECTED] writes: > Yup, looks easy enough to change. I don't recognize the language > (something akin to Basic, perhaps), but could probably reverse-engineer > enough of it from that code snippet to play with it myself, if I wanted > to waste time doing that sort of thing. (IMO it's rather pointless, > since users of Microsoft Word already *have* viruses on their system -- > W95, W98, Word, Office, etc. :) After reading about it in the press, all day, and on the web, I've come to the conclusion that there's no doubt whatsoever that the goal of the virus's author was to demonstrate the flawed technical foundation of the Windows OS. If the author really had malicious intensions in mind, the damage would've been far, far, greater. The only reason something like this hasn't happened sooner is because MS charges prohibitive fees for technical information that's needed in order to write applications of this type, and only people who paid hefty sums of money for subscriptions to MSDN, and various other MS developer programs, would know enough to cook this up. -- Sam
Re: Important Mail From: (was Re: Melissa Virus)
Richard Letts writes: > On Mon, 29 Mar 1999, Mark E Drummond wrote: > > > Here we have a serious problem folks. Sendmail had a "fix" out for > > Melissa very shortly after it came out, and we are sitting pretty. I > > made a big push here to move our org to qmail because qmail seemed to be > > way superior. Now I am really ticked by my inability to write/use simple > > rulesets to solve this problem. > > laughs > > so you want to randomly reject mail which contains a subject of Important > mail from something ??? > > it's hardly a sensible fix, really now is it?? Furthermore, if I really cared for it, it would take me about five minutes to program my Qmail relay to reject the Mellissa virus, however, for various reasons that I don't care to get into, I am not susceptible to this or other MS-based viruses. Some people seem to expect for everything to be handed down to them on a silver platter. Block a virus? Here, flip this switch. Reject mail with a bad return address? Here, push this button. Configure your site for selective relaying? Just type this command. Nope, it doesn't work this way. Read the docs, read the man pages, it's all there. -- Sam
Melissa Mutations
This should not surprise anyone on this list, but it does serve as excellent confirmation of why simply filtering on the Subject: header to attempt to block the Melissa virus (as in the Sendmail patch) was a bad idea: mutations have already been discovered. Details (though mostly intended for a general audience) at: http://www.zdnet.com/zdnn/stories/news/0,4586,2233667,00.html - Kai MacTane System Administrator Online Partners.com, Inc. - >From the Jargon File: (v4.0.0, 25 Jul 1996) feature shock /n./ [from Alvin Toffler's book title "Future Shock"] A user's (or programmer's!) confusion when confronted with a package that has too many features and poor introductory material.
Re: Melissa Virus
Text written by [EMAIL PROTECTED] at 09:30 PM 3/29/99 -: > >Yup, looks easy enough to change. I don't recognize the language >(something akin to Basic, perhaps) It's Visual Basic for Applications, aka VBA. It's a Visual Basic variant that Microsoft uses as their macro language for all Office apps. >since users of Microsoft Word already *have* viruses on their system -- >W95, W98, Word, Office, etc. :) I see the smiley, but just have to point out: they're not viruses, because they don't replicate themselves. Maybe they'd qualify as trojan horses? >So, indeed, the problem is just that some people stupidly use MUA's >that, when you "open" an email (aka "read it"), they decide to execute >whatever code they can determine is included (via attachment, whatever), >without restricting the environment for such code. > >Or am I missing someting? Sort of. The problem isn't really the MUAs so much as the user behaviors: the user has to explicitly activate the virus-attachment. I don't know of any Windows MUAs that *automatically* run any attachment they receive -- even Windows users would consider that a security risk. In general in the Windows world, when you open an attachment, the MUA tells the OS to load the appropriate app for viewing files of that type (where "type" is determined solely by filename extension, of course, rather than something sane like header info). It's not considered to be the MUA's job to sanitize the execution environment for another application, and it may even be impossible on Windows' architecture. So the problem is twofold: the OS this virus affects sucks rocks, and we have users activating attachments whose contents they're not sure of. To give the users some credit though, the attachments are coming from *known* sources: Melissa sends herself to addresses found in Outlook's address book, which are presumably people the infected address normally corresponds with. Of course, if the recipient users were smart, they might think "what important information I asked you for?" - Kai MacTane System Administrator Online Partners.com, Inc. - >From the Jargon File: (v4.0.0, 25 Jul 1996) scram switch /n./ [from the nuclear power industry] An emergency-power-off switch (see Big Red Switch), esp. one positioned to be easily hit by evacuating personnel. In general, this is *not* something you frob lightly; these often initiate expensive events (such as Halon dumps) and are installed in a dinosaur pen for use in case of electrical fire or in case some luckless field servoid should put 120 volts across himself while Easter egging.
Re: Melissa Virus
[EMAIL PROTECTED] writes:
> The sendmail "fix" is silly. It's 4 lines (or something), and all it does
> is search for a string in the subject line. That "fix" is more
> likely to bounce good mail than it is to catch the virus.
Indeed. Legitimate messages do occasionally contain the same ``Important
Message From'' subject line that the Melissa worm produces. If, however,
someone does want this ``fix'' for qmail, here's a sample one-liner to
put before ./Mailbox in /var/qmail/rc or in the POP-toaster .qmail file:
| bouncesaying VIRUS awk '/^Subject: I am a virus/{exit 0}/^$/{exit 1}END{exit 1}'
To test, put this line into ~you/.qmail-melissa and send some messages
to you-melissa. If you have Microsoft users with their own .qmail files,
they can decide for themselves whether to add this to .qmail.
---Dan
RE: anyone got the melissa macro?
Well we had it here this morning. The actual virus is in a word document. So I think what you are talking about doing would not work. Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, March 29, 1999 3:12 PM To: [EMAIL PROTECTED] Subject: anyone got the melissa macro? The existing patches for this macro virus seem to me to miss the mark. Does anyone on this list currently have a copy of the macro virus? I would like to get a copy of it, so I can work on developing a more discriminating patch against it. Trying to block a virus like this by its signature text is, to me, silly, since anyone intending on using the thing to do harm could easily change those aspects. Therefore, perhaps a general macro virus protection scheme is in order. Unfortunately, I haven't had any experience at all with macro viruses, so I need a copy of this one to work off of. Preliminarily, I was thinking of looking for things like AutoOpen, AutoExec, messing with the registry, and rewriting normal.dot. Any other suggestions? Is anyone else already doing this? I don't want to reinvent the wheel, but I don't want to go for a commercial antivirus package either. A free software (in the FSF sense) antivirus package would probably be acceptable though, but I don't know of any of those. -- Erik Nielsen, Cyberhighway Internet Services NOC I knew I'd hate COBOL the moment I saw they'd used "perform" instead of "do". -- Larry Wall on a not-so-popular programming language
Re: Melissa Virus
>FWIW, the subject line is hard coded into the virus. That said of course, >the virus code is easily extractable and thus can be simply altered to >bypass such filters. Yup, looks easy enough to change. I don't recognize the language (something akin to Basic, perhaps), but could probably reverse-engineer enough of it from that code snippet to play with it myself, if I wanted to waste time doing that sort of thing. (IMO it's rather pointless, since users of Microsoft Word already *have* viruses on their system -- W95, W98, Word, Office, etc. :) >The point about any "fix" of this nature is that people like to do something >quickly and worry about a "pure" solution later on. Rumour has it that >Microsoft's quick fix was to shut down their Internet mail servers... Not just rumor. CNBC reported that earlier today (around lunchtime). Saw it myself. I just looked at this "virus". It's some kind of code. Like I assumed, when I first saw the TV reports on it. So, indeed, the problem is just that some people stupidly use MUA's that, when you "open" an email (aka "read it"), they decide to execute whatever code they can determine is included (via attachment, whatever), without restricting the environment for such code. There's no real prevention for this sort of problem, other than no longer using MUA's that behave like that. Or am I missing someting? tq vm, (burley)
Important Mail From: (was Re: Melissa Virus)
On Mon, 29 Mar 1999, Mark E Drummond wrote: > Here we have a serious problem folks. Sendmail had a "fix" out for > Melissa very shortly after it came out, and we are sitting pretty. I > made a big push here to move our org to qmail because qmail seemed to be > way superior. Now I am really ticked by my inability to write/use simple > rulesets to solve this problem. laughs so you want to randomly reject mail which contains a subject of Important mail from something ??? it's hardly a sensible fix, really now is it?? Richard
Temporary_error_on_maildir_delivery
I've set up Maildir, but now i don't know what is this Can you help me (Temporary_error_on_maildir_delivery - #4.3.0) Is problem with ownership? What likeshould it be for ./Maildir/ ? Mar 29 22:19:06 qmail: 922738746.416664 new msg 221509 Mar 29 22:19:06 qmail: 922738746.417893 info msg 221509: bytes 464 from <[EMAIL PROTECTED]> qp 160 uid 1000 Mar 29 22:19:06 qmail: 922738746.451159 starting delivery 5: msg 221509 to local [EMAIL PROTECTED] Mar 29 22:19:06 qmail: 922738746.452192 status: local 1/10 remote 0/20 Mar 29 22:19:06 qmail: 922738746.525523 delivery 5: deferral: Temporary_error_on_maildir_delivery._(#4.3.0)/ Mar 29 22:19:06 qmail: 922738746.526567 status: local 0/10 remote 0/20
Re: Urgent question
At 12:35 PM Monday 3/29/99, Rafael Correa wrote: > > >Hi list, > > > >How to setup qmail to catch all email to a domain or simply redirect all > >email for that domain to other machine running the email service. Oh, a virtual domain. How did you go with the discussion in FAQ 3.2 and 3.3? > >for example > >we have a thedomain.com running in our server, for services as httpd, >ftp, etc..., but we want to handle all emails as [EMAIL PROTECTED] >in other machine running the email server for that domain, how I should >configure qmail to handle this. > >thanks very much > > >carlos > > > >
Re: Melissa Virus
At 03:48 PM Monday 3/29/99, Mark E Drummond wrote: >Mark E Drummond wrote: >> >> Here we have a serious problem folks. Sendmail had a "fix" out for > >For what it is worth, I am not even going to bother with this now. Not >much point really since an inline script would just increase load and >since the "fix" for sendmail is dependant on the Subject line of the >email. Not much of a fix really ... FWIW, the subject line is hard coded into the virus. That said of course, the virus code is easily extractable and thus can be simply altered to bypass such filters. The point about any "fix" of this nature is that people like to do something quickly and worry about a "pure" solution later on. Rumour has it that Microsoft's quick fix was to shut down their Internet mail servers... Regards.
Re: Melissa Virus
On Mon, Mar 29, 1999 at 12:55:58PM -0800, Rob Genovesi wrote: > This fix seems like a perfectly good idea to me. If the subject line is > autmatically created by the Virus macro and then sending it out 50 times, > rejecting these 50 messages would stop the propagation of the Virus. Don't > discount the effectiveness of this "fix" because of its simplicity. The problem is that it's far from foolproof...there are already versions of the virus that send out with blank subject lines, and I'm sure there are other subject lines out there too. So, the subject line checking is next to useless...any self-respecting cracker would change the thing around after they saw sendmail's "fix". Even a script kiddie could probably figure out how to change it. -- Erik Nielsen, Cyberhighway Internet Services NOC So I'm thinking about ??, or !!, or //, or \\, or whatever. But I think I like ?? the best so far. Or the least worst. -- Larry Wall in <[EMAIL PROTECTED]>
Re: anyone got the melissa macro?
Erik, I am sending you a copy __ This message has been checked for viruses by the Star Screening System http://www.star.co.uk
Re: Urgent question
Hi, 1) In DNS set up the MX records for that domain to include the name of the machine you wish to handle that domains mail, as the lowest numbered MX. 2) put the domain name in /var/qmail/rcpthosts on the machine that will be receiving the mail for the domain. 3) put the domain name in either /var/qmail/virtualdomains(with accountname) or /var/qmail/locals depending on whether the machine is only handling mail for one domain (locals) or multiple domains (virtualdomains) Hope this helps Gerry At 12:35 PM 3/29/99 -0800, Rafael Correa <[EMAIL PROTECTED]> wrote: >Hi list, > >How to setup qmail to catch all email to a domain or simply redirect all >email for that domain to other machine running the email service. > >for example >we have a thedomain.com running in our server, for services as httpd, >ftp, etc..., but we want to handle all emails as [EMAIL PROTECTED] >in other machine running the email server for that domain, how I should >configure qmail to handle this. > >thanks very much >carlos
Re: Melissa Virus
>This fix seems like a perfectly good idea to me. If the subject line is >autmatically created by the Virus macro and then sending it out 50 times, >rejecting these 50 messages would stop the propagation of the Virus. Don't >discount the effectiveness of this "fix" because of its simplicity. Not true. We are now seeing secondary infections where people are sending out other word documents not realising that they are infected by melissa. Checking the subject line only traps the emails generated by the outlook engine. __ This message has been checked for viruses by the Star Screening System http://www.star.co.uk
Urgent question
Hi list, How to setup qmail to catch all email to a domain or simply redirect all email for that domain to other machine running the email service. for example we have a thedomain.com running in our server, for services as httpd, ftp, etc..., but we want to handle all emails as [EMAIL PROTECTED] in other machine running the email server for that domain, how I should configure qmail to handle this. thanks very much carlos
RE: anyone got the melissa macro?
root.com has it posted; here is the URL: http://www.root.org/melissa_virus.txt That is the actual virus, so view it, don't execute it. I am not responsible for people following the link and doing something stupid with it. Scott Swanson Sysadmin, CTW Online -Original Message- From: Vince Vielhaber [mailto:[EMAIL PROTECTED]] Sent: Monday, March 29, 1999 3:55 PM To: [EMAIL PROTECTED] Subject: RE: anyone got the melissa macro? On 29-Mar-99 [EMAIL PROTECTED] wrote: > The existing patches for this macro virus seem to me to miss the mark. > Does anyone on this list currently have a copy of the macro virus? > I would like to get a copy of it, so I can work on developing a more > discriminating patch against it. Check the BUGTRAQ archives on www.geek-girl.com (think I got that right). I thought someone posted the source to it on Friday - but I also thought I saved it and didn't.
Re: Melissa Virus
This fix seems like a perfectly good idea to me. If the subject line is autmatically created by the Virus macro and then sending it out 50 times, rejecting these 50 messages would stop the propagation of the Virus. Don't discount the effectiveness of this "fix" because of its simplicity. Btw ... what is the easiest way to do the same thing to Qmail? >The sendmail "fix" is silly. It's 4 lines (or something), and all it does >is search for a string in the subject line. That "fix" is more >likely to bounce good mail than it is to catch the virus. Rob Genovesi [EMAIL PROTECTED]
RE: anyone got the melissa macro?
On 29-Mar-99 [EMAIL PROTECTED] wrote: > The existing patches for this macro virus seem to me to miss the mark. > Does anyone on this list currently have a copy of the macro virus? > I would like to get a copy of it, so I can work on developing a more > discriminating patch against it. Check the BUGTRAQ archives on www.geek-girl.com (think I got that right). I thought someone posted the source to it on Friday - but I also thought I saved it and didn't. Vince. -- == Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] flame-mail: /dev/null # includeTEAM-OS2 Online Campground Directoryhttp://www.camping-usa.com Online Giftshop Superstorehttp://www.cloudninegifts.com ==
Re: Melissa Virus
Mark E Drummond wrote: > > Here we have a serious problem folks. Sendmail had a "fix" out for For what it is worth, I am not even going to bother with this now. Not much point really since an inline script would just increase load and since the "fix" for sendmail is dependant on the Subject line of the email. Not much of a fix really ... -- _ Mark E Drummond Royal Military College of Canada [EMAIL PROTECTED] Computing Services Linux Uber Alles perl || die
Re: Melissa Virus
>> On Mon, 29 Mar 1999 15:01:37 -0500, >> Mark E Drummond <[EMAIL PROTECTED]> said: M> Here we have a serious problem folks. Sendmail had a "fix" out for M> Melissa very shortly after it came out, and we are sitting pretty. I M> made a big push here to move our org to qmail because qmail seemed to be M> way superior. Now I am really ticked by my inability to write/use simple M> rulesets to solve this problem. M> If anyone knows how to insert a filter of some sort into the qmail M> stream I'd love to hear about it, else I can see qmail getting the boot, M> and I _really_ don't want to have to go back to sendmail! FWIW, I use procmail to handle local mail delivery and filtering. Here's my ~/.qmail file: | preline /usr/local/bin/procmail Some procmail rules for sanitizing mail in general (including a specific mail recipe for Melissa) can be found here: http://www.wolfenet.com/~jhardin/html-trap.procmail -- Karl Vogel ASC/YCOA, Wright-Patterson AFB, OH 45433, USA [EMAIL PROTECTED] or [EMAIL PROTECTED]
Re: Melissa Virus
-BEGIN PGP MESSAGE- Version: 2.6.2 iQB1AwUBNv/hnZaQnaaFII2dAQF93gMAsS9Inkzt0+IiVMcetJjudi0F0Gq9znZY SivVfogJrkYQLPtSZB9z+qS2eJ+VstiwUJYfqVvIO5oFCd1tCfHQGSOs98dH5MiA fheFLp5Ckiu/TLM4rvXT7k8DT7PVqpuu =S22P -END PGP MESSAGE-
Re: Melissa Virus
On Mon, Mar 29, 1999 at 03:01:37PM -0500, Mark E Drummond wrote: > Here we have a serious problem folks. Sendmail had a "fix" out for > Melissa very shortly after it came out, and we are sitting pretty. I > made a big push here to move our org to qmail because qmail seemed to be > way superior. Now I am really ticked by my inability to write/use simple > rulesets to solve this problem. The sendmail "fix" is silly. It's 4 lines (or something), and all it does is search for a string in the subject line. That "fix" is more likely to bounce good mail than it is to catch the virus. At any rate, I just sent off a plea to the list for a copy of this virus to work from. If and when I come up with something acceptable, it will be released to the qmail community, probably under the GPL, but definitely for free. I'm undecided on whether to patch the source, or just make a standalone program to be called from a .qmail file. -- Erik Nielsen, Cyberhighway Internet Services NOC USER, n.: The word computer professionals use when they mean "idiot." -- Dave Barry, "Claw Your Way to the Top"
anyone got the melissa macro?
The existing patches for this macro virus seem to me to miss the mark. Does anyone on this list currently have a copy of the macro virus? I would like to get a copy of it, so I can work on developing a more discriminating patch against it. Trying to block a virus like this by its signature text is, to me, silly, since anyone intending on using the thing to do harm could easily change those aspects. Therefore, perhaps a general macro virus protection scheme is in order. Unfortunately, I haven't had any experience at all with macro viruses, so I need a copy of this one to work off of. Preliminarily, I was thinking of looking for things like AutoOpen, AutoExec, messing with the registry, and rewriting normal.dot. Any other suggestions? Is anyone else already doing this? I don't want to reinvent the wheel, but I don't want to go for a commercial antivirus package either. A free software (in the FSF sense) antivirus package would probably be acceptable though, but I don't know of any of those. -- Erik Nielsen, Cyberhighway Internet Services NOC I knew I'd hate COBOL the moment I saw they'd used "perform" instead of "do". -- Larry Wall on a not-so-popular programming language
Re: Melissa Virus
Here we have a serious problem folks. Sendmail had a "fix" out for Melissa very shortly after it came out, and we are sitting pretty. I made a big push here to move our org to qmail because qmail seemed to be way superior. Now I am really ticked by my inability to write/use simple rulesets to solve this problem. If anyone knows how to insert a filter of some sort into the qmail stream I'd love to hear about it, else I can see qmail getting the boot, and I _really_ don't want to have to go back to sendmail! -- _ Mark E Drummond Royal Military College of Canada [EMAIL PROTECTED] Computing Services Linux Uber Alles perl || die
Re: Restrict outbound mail (How to)
I am using open-smtp that Russell Nelson wrote. Works great! Available at www.qmail.org Hope this helps Gerry Boudreaux At 01:17 PM 3/29/99 -0500, you wrote: >Mime-Version: 1.0 > >Content-Type: text/plain; charset=us-ascii > >Content-Transfer-Encoding: 7bit > >Content-MD5: NSKRjN+D4QhC+S2LIr1kfw== > > > > >Hello list > > > > > > > >I have to restrict outbound mail (outside my domain) to only authorized users, > >I cannot do it based on IP addresses because station's IP addresses are > >dynamically attributed (DHCP), I would need a mechanism similar to POP3 >where the user > >has to input a password to access his mailbox but for outbound mail: > >e.g: When the user clicks on send, he would have to input his pop3 password >for his > >mail to be sent. > > > >Does anybody know of a way of achieving this ?? > > > >Thanks > > > >Christian Tremblay > > > > >
Restrict outbound mail (How to)
Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-MD5: NSKRjN+D4QhC+S2LIr1kfw== Hello list I have to restrict outbound mail (outside my domain) to only authorized users, I cannot do it based on IP addresses because station's IP addresses are dynamically attributed (DHCP), I would need a mechanism similar to POP3 where the user has to input a password to access his mailbox but for outbound mail: e.g: When the user clicks on send, he would have to input his pop3 password for his mail to be sent. Does anybody know of a way of achieving this ?? Thanks Christian Tremblay
Re: FW: GET ME OFF THIS DAMN LIST
On 29 Mar 1999 16:00:32 -, Russell Nelson wrote: >Hehe. If it were so obvious it wouldn't be so controversial. In my >experience, it doesn't help a whit. rfc2369 is the way to do it. Promoting it to MUA authors should help. -Sincerely, Fred (Frederik Lindberg, Infectious Diseases, WashU, St. Louis, MO, USA)
stay linefeeds
Does anyone have a URL to that qmail-smtpd patch? Dax Kelson
Re: poor documentation example
On Sat, Mar 27, 1999 at 10:25:02PM -0800, Russ Allbery wrote: > Dan, would you consider providing some way for the installation location > to be different than the final run location? The method I have used (successfully) is to set up conf-home for the run location, do a make, and then set conf-home for the install location and run "make install". It will only rebuild those files needed for the install binary without touching the others. -- Bruce Guenter, QCC Communications Corp. EMail: [EMAIL PROTECTED] Phone: (306)249-0220 WWW: http://www.qcc.sk.ca/~bguenter/
RE: running qmail-pop3d in RH's /etc/init.d/*
OR What you do is add a single line to the /etc/rc.d/rc.local file. > -Original Message- > From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]] > Sent: Monday, March 29, 1999 11:36 AM > To: Greg > Cc: [EMAIL PROTECTED] > Subject: Re: running qmail-pop3d in RH's /etc/init.d/* > > On Mon, Mar 29, 1999 at 11:27:19PM -1000, Greg wrote: > > yup, it is there /etc/init.d/ and it is executable, that's > > what's got me stuffed? > > i'll check out linuxconf, and it that fails, rc.local's the go... > > that's how I do things on my "slack" boxes, even a nong! like me, > > can follow that. > > > > Hey, > > Did you figure it out? > > You have to simbolically link the files in /etc/rc.d/init.d to > one of the startup directories. For example, here is how I > have my qmail startup script done: > > [kbo@webmail /]$ ls -l /etc/rc.d/*/*qmail > -rwxr-xr-x 1 root root 886 Mar 22 12:12 > /etc/rc.d/init.d/qmail > lrwxrwxrwx 1 root root 22 Mar 13 12:11 > /etc/rc.d/rc0.d/K30qmail > -> /etc/rc.d/init.d/qmail > lrwxrwxrwx 1 root root 22 Mar 13 12:11 > /etc/rc.d/rc1.d/K30qmail > -> /etc/rc.d/init.d/qmail > lrwxrwxrwx 1 root root 22 Mar 13 12:11 > /etc/rc.d/rc2.d/K30qmail > -> /etc/rc.d/init.d/qmail > lrwxrwxrwx 1 root root 22 Mar 13 12:11 > /etc/rc.d/rc3.d/S80qmail > -> /etc/rc.d/init.d/qmail > lrwxrwxrwx 1 root root 22 Mar 13 12:11 > /etc/rc.d/rc4.d/K30qmail > -> /etc/rc.d/init.d/qmail > lrwxrwxrwx 1 root root 22 Mar 13 12:11 > /etc/rc.d/rc5.d/K30qmail > -> /etc/rc.d/init.d/qmail > lrwxrwxrwx 1 root root 22 Mar 13 12:11 > /etc/rc.d/rc6.d/K30qmail > -> /etc/rc.d/init.d/qmail > > Ken Jones > Inter7
Re: running qmail-pop3d in RH's /etc/init.d/*
On Mon, Mar 29, 1999 at 11:27:19PM -1000, Greg wrote: > yup, it is there /etc/init.d/ and it is executable, that's > what's got me stuffed? > i'll check out linuxconf, and it that fails, rc.local's the go... > that's how I do things on my "slack" boxes, even a nong! like me, > can follow that. > Hey, Did you figure it out? You have to simbolically link the files in /etc/rc.d/init.d to one of the startup directories. For example, here is how I have my qmail startup script done: [kbo@webmail /]$ ls -l /etc/rc.d/*/*qmail -rwxr-xr-x 1 root root 886 Mar 22 12:12 /etc/rc.d/init.d/qmail lrwxrwxrwx 1 root root 22 Mar 13 12:11 /etc/rc.d/rc0.d/K30qmail -> /etc/rc.d/init.d/qmail lrwxrwxrwx 1 root root 22 Mar 13 12:11 /etc/rc.d/rc1.d/K30qmail -> /etc/rc.d/init.d/qmail lrwxrwxrwx 1 root root 22 Mar 13 12:11 /etc/rc.d/rc2.d/K30qmail -> /etc/rc.d/init.d/qmail lrwxrwxrwx 1 root root 22 Mar 13 12:11 /etc/rc.d/rc3.d/S80qmail -> /etc/rc.d/init.d/qmail lrwxrwxrwx 1 root root 22 Mar 13 12:11 /etc/rc.d/rc4.d/K30qmail -> /etc/rc.d/init.d/qmail lrwxrwxrwx 1 root root 22 Mar 13 12:11 /etc/rc.d/rc5.d/K30qmail -> /etc/rc.d/init.d/qmail lrwxrwxrwx 1 root root 22 Mar 13 12:11 /etc/rc.d/rc6.d/K30qmail -> /etc/rc.d/init.d/qmail Ken Jones Inter7
Re: Virus-check for incoming mails with qmail
On Mon, 29 Mar 1999 16:47:15 BST "Alex Shipp" wrote: > >This sounds interesting, would you mind to explain how your setup works? > > We have a front-end to qmail-inject which splits off all mail attachments, > and passes them through three virus scanners. If a virus is detected, the > original mail is canned, and warning mails are generated to the sender and > recipients. We usually catch about 70 per day, but obviously this has gone > off the scale today with Melissa Okay, but you do mind to show us your frontend, right ? :-) Greetings, Sascha
Re: FW: GET ME OFF THIS DAMN LIST
Andrzej Kukula writes: > On 29 Mar 99 at 12:46, Russell Nelson wrote: > > > Andrzej Kukula writes: > > > qmail mailing list - to unsubscribe, email [EMAIL PROTECTED] > > > > Do you have any evidence that it actually succeeds in reducing > > unsubscribes sent to the list? > > No, I don't waste time to proove obvious things. Hehe. If it were so obvious it wouldn't be so controversial. In my experience, it doesn't help a whit. -- -russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson Crynwr supports Open Source(tm) Software| PGPok | There is good evidence 521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
Re: Virus-check for incoming mails with qmail
>This sounds interesting, would you mind to explain how your setup works? We have a front-end to qmail-inject which splits off all mail attachments, and passes them through three virus scanners. If a virus is detected, the original mail is canned, and warning mails are generated to the sender and recipients. We usually catch about 70 per day, but obviously this has gone off the scale today with Melissa __ This message has been checked for viruses by the Star Screening System http://www.star.co.uk
Re: running qmail-pop3d in RH's /etc/init.d/*
the proper way to do this in RH is through the program 'chkconfig'. it would appear though that chkconfig does not like scripts with an extension such as .init. took me a while to figure that one out. (this is on RH5.2) -Fred Krzysztof Dabrowski wrote: > At 22:56 99-03-29 -1000, Greg wrote: > > > >the script qmail-pop3d.init exists in the same place > >as qmail-smtpd.init and qmail.init, but it doesn't start on > >boot-up? I'm beginning to dislike the way RH "hides" stuff ;( > >please have I missed something? > > Redhat doesn't hide anything. > > first cat your /etc/inittab and find a line with initdefault. something like: > > id:3:initdefault > > now you see that in my case, my default runlevel is 3. > now just make a link from /etc/rc.d/rc3.d/ to your init script > and give it a name beginig with Sxxsomething , where xx is a valuer from 00 > to 99 (take 99 for example). > And that's all. > > Kris -- First they ignore you. Then they laugh at you. Then they fight you. Then you win.
Re: FW: GET ME OFF THIS DAMN LIST
On 29 Mar 99 at 12:46, Russell Nelson wrote: > Andrzej Kukula writes: > > qmail mailing list - to unsubscribe, email [EMAIL PROTECTED] > > Do you have any evidence that it actually succeeds in reducing > unsubscribes sent to the list? No, I don't waste time to proove obvious things. This *do* work, what any may see using hotmail, mailexcite, yahoo, or other free mail accounts. ITOH why do you add the signature to your email messages? Because you believe -- you have no proven evidence -- that someone reads it. There *is* an evidence that people review magazines from the last page to the first (I work in the newspaper), also there's an evidence that people tend to focus on the beginning and on the end of articles (like the subject and postscriptum/signature/footnote of an e-mail). andrzej P.S. Didn't you read this line?
Re: rblsmtpd just defers to my mx backup, so I get the spam :-(
From: Peter Gradwell <[EMAIL PROTECTED]> : If so, would it be possible to have rblsmtpd actually bounce the mail : for people on the dul list? : : It seems you can't win really :-( Using -b on the command line will tell rblsmtpd to use a permanent error code (553) instead of a temporary one. --Adam
Re: Virus-check for incoming mails with qmail
On Mon, 29 Mar 1999 10:22:21 BST "Alex Shipp" wrote: > > >Does anyone have experience with MTA virus checking? All I heard of was > >slowing down mail for a company up to two days. That may be simply an > >inappropriate machine but it triggers all kinds of alarm in my head. > > > We pass all our mail through 3 scanners. For an average sized mail, > this takes about 5 seconds elapsed time. This sounds interesting, would you mind to explain how your setup works? Sascha
Re: running qmail-pop3d in RH's /etc/init.d/*
Hej QMail. Mon 29 Mar 1999 23:27, Greg <[EMAIL PROTECTED]> wrote: > yup, it is there /etc/init.d/ and it is executable, that's > what's got me stuffed? > i'll check out linuxconf, and it that fails, rc.local's the go... run: chkconfig qmail-pop3d.init on -- Med venlig hilsen / Best Regards Odinn Sørensen (Mailserver division) / World Online Denmark A/S Peter Bangs Vej 26, 2000 Frederiksberg, Denmark Tlf. (+45) 38 14 70 00 - Fax (+45) 38 14 70 07
Re: rblsmtpd just defers to my mx backup, so I get the spam :-(
On Mon, 29 Mar 1999, Peter Gradwell wrote: [snip] > Given that rblsmtpd only ever defer's mail, and it doesn't actually > reject it (to give sys admins time to fix their broken systems) is it > likely that the spam is going to reach me via my relay every time? > > If so, would it be possible to have rblsmtpd actually bounce the mail > for people on the dul list? At least in version 0.70, -b will do what you want, as documented in 'man rblsmtpd'. > It seems you can't win really :-( > > peter. > > -- > peter at gradwell dot com; online @ http://www.gradwell.com/ > > "To look back all the time is boring. Excitement lies in tomorrow" > -- "Life is much too important to be taken seriously." Thomas Erskine<[EMAIL PROTECTED]>(613) 998-2836
Re: running qmail-pop3d in RH's /etc/init.d/*
yup, it is there /etc/init.d/ and it is executable, that's what's got me stuffed? i'll check out linuxconf, and it that fails, rc.local's the go... that's how I do things on my "slack" boxes, even a nong! like me, can follow that. thanks t wrote: > > Use linuxconf to isntall the service or add it to a rc file ... there is a > directory you can copy the scripts to /etc/rc.d/init.d/ if the script it > there (which i assume it is... as it looks like in your subject you just > made a boo boo.) then make sure it is marked for execution. Another way is > to simply call the script from your rc.local and execute it that way. Either > way make sure it is executable. > > Todd > > -Original Message- > From: Greg [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, March 30, 1999 3:57 AM > To: QMail > Subject: running qmail-pop3d in RH's /etc/init.d/* > > the script qmail-pop3d.init exists in the same place > as qmail-smtpd.init and qmail.init, but it doesn't start on > boot-up? I'm beginning to dislike the way RH "hides" stuff ;( > please have I missed something? > > -- > Greg > ICQ# 17606315 > Phone : +61 7 4125 1180 > > ... and the box said "windows 95, or better", so I got Linux > _ -- Greg ICQ# 17606315 Phone : +61 7 4125 1180 ... and the box said "windows 95, or better", so I got Linux _
Re: running qmail-pop3d in RH's /etc/init.d/*
At 22:56 99-03-29 -1000, Greg wrote: > >the script qmail-pop3d.init exists in the same place >as qmail-smtpd.init and qmail.init, but it doesn't start on >boot-up? I'm beginning to dislike the way RH "hides" stuff ;( >please have I missed something? Redhat doesn't hide anything. first cat your /etc/inittab and find a line with initdefault. something like: id:3:initdefault now you see that in my case, my default runlevel is 3. now just make a link from /etc/rc.d/rc3.d/ to your init script and give it a name beginig with Sxxsomething , where xx is a valuer from 00 to 99 (take 99 for example). And that's all. Kris
running qmail-pop3d in RH's /etc/init.d/*
the script qmail-pop3d.init exists in the same place as qmail-smtpd.init and qmail.init, but it doesn't start on boot-up? I'm beginning to dislike the way RH "hides" stuff ;( please have I missed something? -- Greg ICQ# 17606315 Phone : +61 7 4125 1180 ... and the box said "windows 95, or better", so I got Linux _
Re: rblsmtpd just defers to my mx backup, so I get the spam :-(
Peter Gradwell writes: > now, polaris.uk.insnet.net is my secondary mail relay. the spammer > will have tried to deliver this mail to ice.gradwell.com, however, it > will have been blackholed because I'm running rblsmtpd using the DUL > MAPS list to filter my mail. Now you're finding out why some people deprecate secondary MX records. > If so, would it be possible to have rblsmtpd actually bounce the mail > for people on the dul list? You have the source. I don't recall a command-line option to enable this. -- -russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson Crynwr supports Open Source(tm) Software| PGPok | There is good evidence 521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
Re: FW: GET ME OFF THIS DAMN LIST
Andrzej Kukula writes: > qmail mailing list - to unsubscribe, email [EMAIL PROTECTED] Do you have any evidence that it actually succeeds in reducing unsubscribes sent to the list? -- -russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson Crynwr supports Open Source(tm) Software| PGPok | There is good evidence 521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
rblsmtpd just defers to my mx backup, so I get the spam :-(
Hi, got an interesting spam last night, the offending header is thus: > Received: from polaris.uk.insnet.net (194.177.174.245) > by ice.gradwell.com with SMTP; 28 Mar 1999 22:23:41 - > Received: from unknown (1Cust103.tnt4.krk1.da.uu.net [208.254.1.103]) > by polaris.uk.insnet.net now, polaris.uk.insnet.net is my secondary mail relay. the spammer will have tried to deliver this mail to ice.gradwell.com, however, it will have been blackholed because I'm running rblsmtpd using the DUL MAPS list to filter my mail. Now, I rejected the mail, so it was delivered to insnet. I assume that I then accepted the mail from my insnet relay, and thus I got the spam. Given that rblsmtpd only ever defer's mail, and it doesn't actually reject it (to give sys admins time to fix their broken systems) is it likely that the spam is going to reach me via my relay every time? If so, would it be possible to have rblsmtpd actually bounce the mail for people on the dul list? It seems you can't win really :-( peter. -- peter at gradwell dot com; online @ http://www.gradwell.com/ "To look back all the time is boring. Excitement lies in tomorrow"
Re: FW: GET ME OFF THIS DAMN LIST
> >> > it's not just 2 lines. It's 2 lines x # of subscribers x messages per > >day. > >> > Assuming a "line" is 40 characters, there are 1000 subscribers, and 50 > >> > messages per day, that's 4 megabytes per day extra. > > >I wasn't suggesting 4 megs/day was excessive.. But it's not negligible.. > > Average message 2K, 40 characters is 2% of traffic for this list. It > that isn't negligable, what is? Also, go ahead and compare a useful footnote approx. 80 bytes long (see below, taken from Adam's post) against 512 or more bytes of useless signatures... andrzej --- qmail mailing list - to unsubscribe, email [EMAIL PROTECTED]
qmail Digest 29 Mar 1999 11:00:01 -0000 Issue 594
qmail Digest 29 Mar 1999 11:00:01 - Issue 594 Topics (messages 23572 through 23590): serialmail/qmail workaround needed 23572 by: [EMAIL PROTECTED] () MTA level rfc822 syntax checking? 23573 by: "Fred Lindberg" <[EMAIL PROTECTED]> 23577 by: "Sam" <[EMAIL PROTECTED]> 23579 by: Russ Allbery <[EMAIL PROTECTED]> FW: GET ME OFF THIS DAMN LIST 23574 by: "Fred Lindberg" <[EMAIL PROTECTED]> Virus-check for incoming mails with qmail 23575 by: Sascha Ottolski <[EMAIL PROTECTED]> 23576 by: Sascha Ottolski <[EMAIL PROTECTED]> 23578 by: Sascha Ottolski <[EMAIL PROTECTED]> 23587 by: "Frank Tegtmeyer" <[EMAIL PROTECTED]> 23588 by: "Alex Shipp" <[EMAIL PROTECTED]> 23589 by: John Conover <[EMAIL PROTECTED]> poor documentation example 23580 by: Jay Soffian <[EMAIL PROTECTED]> Shadow Passwords 23581 by: Kevin Waterson <[EMAIL PROTECTED]> 23582 by: Chris Johnson <[EMAIL PROTECTED]> 23584 by: "Eric Dahnke"<[EMAIL PROTECTED]> Melissa Virus 23583 by: Justin Alcorn <[EMAIL PROTECTED]> Qmail is losing (hiding?) remote mail 23585 by: [EMAIL PROTECTED] (Mike Glover) 23586 by: "Sam" <[EMAIL PROTECTED]> Simple question! 23590 by: "Nguyen Dang Phuoc Dong" <[EMAIL PROTECTED]> Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To bug my human owner, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- Eric Dahnke ([EMAIL PROTECTED]) wrote: : Hello List, : I've got a dialup client with a qmail/fetchmail/serialmail instalation : acting as their mailgateway. The client wants to restrict some of the : accounts to internal mail use only. : Question is, how can I keep such restricted users' messages from ending : up in serialmail's outgoing pppdir? : (obviously, the restricted user would never receive any external : messages, but he or she would be able to send to any external address : they like, no?) The solution I implemented for a client was to permit all outgoing mail, but restrict incoming mail to only those privileged. It's pretty hard to know the credentials of the person relaying out. SMTP does not provide a way. If you still want to restrict outgoing, if you know their IP addresses, you can block these (unset RELAYCLIENT or firewall them). But it's trivial for a Windoze user to change his PC's IP. -harold On Fri, 26 Mar 1999 17:10:41 GMT, Sam wrote: >Yes. Spam filtering. I think that this is an excellent idea, and I have >implemented it myself, although my RFC822 checking is probably not as >strict as this particular instance. What I didn't like is that the MTA becomes the strictest enforcer of "content", and that "SPAM filtering" rejects not SPAM but messages that it [the author of the SPAM filter] thinks are syntactically incorrect. For instance, looking for characters with bit 8 set must be _the_ anti-SPAM measure with the lowest sensitivity and specificity. It does work reasonably as a filter against Swedish E-mail, though (sensitivity 5%, specificity bad). -Sincerely, Fred (Frederik Lindberg, Infectious Diseases, WashU, St. Louis, MO, USA) On Sun, 28 Mar 1999, Fred Lindberg wrote: > What I didn't like is that the MTA becomes the strictest enforcer of > "content", and that "SPAM filtering" rejects not SPAM but messages that > it [the author of the SPAM filter] thinks are syntactically incorrect. > For instance, looking for characters with bit 8 set must be _the_ > anti-SPAM measure with the lowest sensitivity and specificity. It does Perhaps, but 8 bit characters should not be used in RFC822 headers. There's a well defined method for encoding 8 bit characters in the real name portion of an E-mail address. Sam <[EMAIL PROTECTED]> writes: > Perhaps, but 8 bit characters should not be used in RFC822 headers. > There's a well defined method for encoding 8 bit characters in the real > name portion of an E-mail address. Nonetheless, in Europe, 8-bit characters in headers are very widely used. -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/> >> > it's not just 2 lines. It's 2 lines x # of subscribers x messages per >day. >> > Assuming a "line" is 40 characters, there are 1000 subscribers, and 50 >> > messages per day, that's 4 megabytes per day extra. >I wasn't suggesting 4 megs/day was excessive.. But it's not negligible.. Average message 2K, 40 characters is 2% of traffic for this list. It that isn't negligable, what is? -Sincerely, Fred (Frederik Lindberg, Infectious Diseases, WashU, St. Louis, MO, USA) Hi, there where several people asking how one could do this, here ist one possible solution. I use the script found on http://satan.oih.rwth-aachen.de/AMaViS/ and a software called A
Simple question!
Hi all, How to tell Qmail reject any incoming mail from unresolved host/domain? Thanks inadvance! Dong
Re: Virus-check for incoming mails with qmail
Alex Shipp writes: > > >Does anyone have experience with MTA virus checking? All I heard of was > >slowing down mail for a company up to two days. That may be simply an > >inappropriate machine but it triggers all kinds of alarm in my head. > > > We pass all our mail through 3 scanners. For an average sized mail, > this takes about 5 seconds elapsed time. > FYI, there is a thread going on in the procmail mailing list concerning using procmail to ship any and all attachments to /dev/null. The message is delivered minus any attachments. So the discussion goes, it is selective on a per user basis, (ie., Unix user, pass attachments, MS, don't.) and only if the message is NOT from the local domain. I'm not so sure this is a good idea, but with the frailty of PC secretary software, it might be justified. So the discussion goes, it is done at the MUA delivery, so the MTA can pass it off to other machines on the network that do the scan, cut, and delivery. John -- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602 [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
Re: Virus-check for incoming mails with qmail
>Does anyone have experience with MTA virus checking? All I heard of was >slowing down mail for a company up to two days. That may be simply an >inappropriate machine but it triggers all kinds of alarm in my head. We pass all our mail through 3 scanners. For an average sized mail, this takes about 5 seconds elapsed time. __ This message has been checked for viruses by the Star Screening System http://www.star.co.uk
Re: Virus-check for incoming mails with qmail
> there where several people asking how one could do this, here ist one possible > solution. I use the script found on http://satan.oih.rwth-aachen.de/AMaViS/ > and a software called AntiVir (http://www.antivir.de). I always refused to do virus scanning at the MTA because of reducing perfomance, possible DoS scenarios and security implications by the used packing programs/virus scanners/scripting glue. Does anyone have experience with MTA virus checking? All I heard of was slowing down mail for a company up to two days. That may be simply an inappropriate machine but it triggers all kinds of alarm in my head. Any comments? Regards, Frank
Re: Qmail is losing (hiding?) remote mail
Mike Glover writes: > Hi- > >I've very suddenly started having a very serious problem with my > qmail version 1.03. This is what happens. My domain is duluoz.net, Your DNS is severely broken. Fix it: [news@ny spool]$ dig duluoz.net mx ; <<>> DiG 8.1 <<>> duluoz.net mx ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUERY SECTION: ;; duluoz.net, type = MX, class = IN ;; ANSWER SECTION: duluoz.net. 23h59m50s IN CNAME paradise.duluoz.net. Investigate why your DNS servers are returning a SERVFAIL, yet still spit out an MX record. That is broken.
Qmail is losing (hiding?) remote mail
Hi- I've very suddenly started having a very serious problem with my qmail version 1.03. This is what happens. My domain is duluoz.net, the mail exchange machine name is paradise. If I send a message from paradise to a user in the duluoz.net domain, the message is delivered successfully. If I send a message not from paradise (or if I make an smtp connection from paradise) to a duluoz.net or paradise.duluoz.net address, the message is lost. this is what a typical log entry looks like: Mar 28 20:39:18 paradise qmail: 922682358.437321 new msg 42707 Mar 28 20:39:18 paradise qmail: 922682358.437815 info msg 42707: bytes 207 from <> qp 5323 uid 505 Mar 28 20:39:18 paradise qmail: 922682358.502154 starting delivery 2: msg 42707 to local @paradise.duluoz.net Mar 28 20:39:18 paradise qmail: 922682358.502483 status: local 1/10 remote 0/20 Mar 28 20:39:18 paradise qmail: 922682358.504139 delivery 2: success: Mar 28 20:39:18 paradise qmail: 922682358.504277 status: local 0/10 remote 0/20 Mar 28 20:39:18 paradise qmail: 922682358.504381 end msg 42707 My /var/qmail/controls directory is set up with the default values (using .config-fast paradise.duluoz.net), with the exception that I've added "duluoz.net" to both rcpthosts and locals. The problem appeared suddenly after two months of working flawlessly. I have since reinstalled the entire /var/qmail directory from the source code. Any help would be greatly appreciated. -mike
