Re: [Mimedefang] How to block based on bad dns resolution names?

2004-03-10 Thread David F. Skoll
On Wed, 10 Mar 2004, David Fowler wrote: > The part that yanks my chain is the "resolved localhost". Nslookup returns > the same result. > I would like to reject the connection like I do for localhost and numeric > IPs in the HELO. > Is there a variable for this that I can filter on? $RelayHos

RE: [Mimedefang] How to block based on bad dns resolution names?

2004-03-10 Thread David F. Skoll
On Wed, 10 Mar 2004 [EMAIL PROTECTED] wrote: > You may lose more than you bargained for. Out-of-the-box installs of some > Linux distributions have a hostname of localhost This is a different case: The PTR record for the reverse-lookup of 203.210.222.130 is "localhost." That's highly suspiciou

RE: [Mimedefang] Ram based directory on FreeBSD 5.2x

2004-03-10 Thread Rob
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Wesley Peters > > OK, I looked at the 'mdmfs' code on 5.2 and found that: > > 1) When called as 'mount_mfs', as is done when processing fstab, it is >run in 'compatibility' mode. > > 2) Compat

[Mimedefang] clamscan missing some virus's

2004-03-10 Thread Lucas Albers
I am currently using filescan/clamscan/fprot/mcafee virus scanners. On viruses that get missed by clamscan, I get notified, and then I report the virus to clamav for inclusion. I have been seeing 2-4 viruses slip by per day. This is on a volume of 200-300 viruses per day. These viruses are quarant

Re: [Mimedefang] Clamd patch for errors; file permissions

2004-03-10 Thread Kenneth Porter
--On Tuesday, March 09, 2004 12:31 PM -0500 "David F. Skoll" <[EMAIL PROTECTED]> wrote: >> I've installed 2.40, but I'm still seeing the following permissions in the >> directories created under /var/spool/MIMEDefang: > >> drwx--3 defang defang 1.0k Mar 8 08:07 >> mdefang-i28E7u5

RE: [Mimedefang] Ram based directory on FreeBSD 5.2x

2004-03-10 Thread J.D. Bronson
At 07:07 PM 3/10/2004, you wrote: >> -p permissions > <---SNIP---> >> -w user:group > <---SNIP---> >> These can be specified along with the rest of the mount options. You >> have to do it this way, since memory disks evaporate during shutdown, >> there isn't anywhere else to record owner

RE: [Mimedefang] Ram based directory on FreeBSD 5.2x

2004-03-10 Thread Wesley Peters
On Tuesday, March 09, 2004 2:08 PM, J.D. Bronson alleged: > At 03:34 PM 3/9/2004, you wrote: > >>> I tried setting the perms like this: >>> >>> drwx-- 2 defang defang512 Mar 9 08:36 MIMEDefang >>> >> Okay glad you said something, heres a little more detail

RE: [Mimedefang] Ram based directory on FreeBSD 5.2x

2004-03-10 Thread Wesley Peters
On Tuesday, March 09, 2004 11:05 PM, Rob alleged: >> -Original Message- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On >> Behalf Of Wesley Peters >> >> man mount_mfs: >> >> -p permissions > <---SNIP---> >> -w user:group > <---SNIP---> >> T

RE: [Mimedefang] How to block based on bad dns resolution names?

2004-03-10 Thread Matthew . van . Eerde
> From: David Fowler [mailto:[EMAIL PROTECTED] > Here's one that I would love to crush, filter, destroy: > > Received: from smtpikdpivfmvm02w.worldwidemailserver.com (localhost > [203.210.222.130] (may be forged)) > > The part that yanks my chain is the "resolved localhost". > Nslookup returns

Re: [Mimedefang] How to block based on bad dns resolution names?

2004-03-10 Thread Jack Olszewski
From: David Fowler <[EMAIL PROTECTED]> Subject: [Mimedefang] How to block based on bad dns resolution names? Date: Wed, 10 Mar 2004 17:09:11 -0500 dfowler> Here's one that I would love to crush, filter, destroy: dfowler> dfowler> Received: from smtpikdpivfmvm02w.worldwidemailserver.com (localhost

[Mimedefang] How to block based on bad dns resolution names?

2004-03-10 Thread David Fowler
Here's one that I would love to crush, filter, destroy: Received: from smtpikdpivfmvm02w.worldwidemailserver.com (localhost [203.210.222.130] (may be forged)) The part that yanks my chain is the "resolved localhost". Nslookup returns the same result. I would like to reject the connection like I

[Mimedefang] WAY OT: Dulles-Based AOL Teams with Top ISPs to Sue Spammers

2004-03-10 Thread Kevin A. McGrail
This was such happy news, I had to post it! o Dulles-Based AOL Teams with Top ISPs to Sue Spammers Dulles, Va. -- Several prominent Internet service providers, including Dulles-based America Online, Earthlink, Microsoft and Yahoo, have teamed to file lawsuits against hundreds of habitual Interne

[Mimedefang] filter_multipart

2004-03-10 Thread Rudolf Christel
Hello, I tried to create some extra filter rules, to catch some of these Outlook errors. Because I'm not a strong code writer, I started to go step by step. So I insert in mimedefang-filter a md_syslog entry after each sub filter..., to show which parts are processed by such mails. The interesstin

RE: [Mimedefang] About to give up on mimedefang under RedhatLinux 9

2004-03-10 Thread Alexander Dalloz
On Wed, 10.03.2004, Jim Crippen wrote at 21:48: > Steve, > > I haven't gone back through all the responses but I'd try to re-install perl > from www.perl.org. I have not had good luck with Redhat's base version of > perl under 9. I am running MD 2.39 just fine but I did install perl 5.8.2. >

Re: [Mimedefang] "special use" IPv4 addresses to consider: RFC 3330

2004-03-10 Thread Stephen Smoogen
On Wed, 2004-03-10 at 13:34, Michal Jankowski wrote: > "Jon R. Kibler" <[EMAIL PROTECTED]> writes: > > > The authoritative list of bogus IP address can be found at: > > http://www.cymru.com/Documents/bogon-dd.html > > Please _do not_ use any of the unused/reserved IP ranges for any > special

RE: [Mimedefang] About to give up on mimedefang under RedhatLinux 9

2004-03-10 Thread Stephen Smoogen
On Wed, 2004-03-10 at 12:58, Steve Pfister wrote: > Thanks to everyone who replied to my earlier message. I was able to make > some progress, but I'm stuck again. > > I'm now getting: > > Can't locate loadable object for module Unix::Syslog. > > It looks like it's from the statement: > > bootst

RE: [Mimedefang] About to give up on mimedefang under RedhatLinux 9

2004-03-10 Thread Jim Crippen
Steve, I haven't gone back through all the responses but I'd try to re-install perl from www.perl.org. I have not had good luck with Redhat's base version of perl under 9. I am running MD 2.39 just fine but I did install perl 5.8.2. Jim Crippen -Original Message- From: Steve Pfister [m

Re: [Mimedefang] "special use" IPv4 addresses to consider: RFC 3330

2004-03-10 Thread Michal Jankowski
"Jon R. Kibler" <[EMAIL PROTECTED]> writes: > The authoritative list of bogus IP address can be found at: > http://www.cymru.com/Documents/bogon-dd.html Please _do not_ use any of the unused/reserved IP ranges for any special purpose, specifically please _do not_ even think of blocking them

RE: [Mimedefang] About to give up on mimedefang under RedhatLinux 9

2004-03-10 Thread Steve Pfister
Thanks to everyone who replied to my earlier message. I was able to make some progress, but I'm stuck again. I'm now getting: Can't locate loadable object for module Unix::Syslog. It looks like it's from the statement: bootstrap Unix::Syslog $VERSION;(version 0.100, line 48) I've tried

Re: [Mimedefang] "special use" IPv4 addresses to consider: RFC 3330

2004-03-10 Thread Kelson Vibber
At 07:34 PM 3/9/2004, Jeremy Mates wrote: * Network Guy <[EMAIL PROTECTED]> > Aaaa, block ALL incoming unroutable IP addys at the router. You should > not permit an IP from the 192.168.. 10... ( can't remember that other > one just now ) and 127.0.0.1. And if you can't/won't block it at the router,

Re: [Mimedefang] Replace with URL

2004-03-10 Thread Jon R. Kibler
"David F. Skoll" wrote: > > On Wed, 10 Mar 2004, Jon R. Kibler wrote: > > > OK, I was hoping to be able to continue to use action_replace_with_url > > which does all the dirty work for me -- except the decode. No solution > > you know of within that framework? > > But it does do the decode... >

Re: [Mimedefang] Replace with URL

2004-03-10 Thread David F. Skoll
On Wed, 10 Mar 2004, Jon R. Kibler wrote: > OK, I was hoping to be able to continue to use action_replace_with_url > which does all the dirty work for me -- except the decode. No solution > you know of within that framework? But it does do the decode... Regards, David. _

Re: [Mimedefang] Replace with URL

2004-03-10 Thread Jon R. Kibler
"Kevin A. McGrail" wrote: > > > > How would you integrate that into either MD or a web server? > > I would assume you would write perl in MD that runs uudeview on the > ENTIRE_MESSAGE into a directory that is tagged to a specific email and > located in a directory that is published by a web server

Re: [Mimedefang] Replace with URL

2004-03-10 Thread Kevin A. McGrail
> > A place to start would be to install and run the file through UUDeview (or > > possibly something like mutt) and extract any attachments. > > > > http://www.fpx.de/fp/Software/UUDeview/ > > > > Regards, > > KAM > > How would you integrate that into either MD or a web server? I would assume you

Re: [Mimedefang] Replace with URL

2004-03-10 Thread Jon R. Kibler
"Kevin A. McGrail" wrote: > > Jon, > > A place to start would be to install and run the file through UUDeview (or > possibly something like mutt) and extract any attachments. > > http://www.fpx.de/fp/Software/UUDeview/ > > Regards, > KAM How would you integrate that into either MD or a web ser

Re: [Mimedefang] Replace with URL

2004-03-10 Thread Kevin A. McGrail
Jon, A place to start would be to install and run the file through UUDeview (or possibly something like mutt) and extract any attachments. http://www.fpx.de/fp/Software/UUDeview/ Regards, KAM > We recently changed the logic in our filter so that when we get a suspect file type that passed OK th

Re: [Mimedefang] hide internal host names?

2004-03-10 Thread J.D. Bronson
At 08:04 AM 03/10/2004, you wrote: > Is it possible to have MIMEDefang strip off internal IPs and machine names? > (yet still deliver the mail?) Yes, with appropriate use of action_delete_header. But please don't do this. It will cause trouble in the end. Regards, David. Fair enough. But it's ni

[Mimedefang] Replace with URL

2004-03-10 Thread Jon R. Kibler
Hello all, We recently changed the logic in our filter so that when we get a suspect file type that passed OK through the AV scans, it is replaced with a URL. However, we have been getting complaints that some (actually, many) of the replaced attachments are encoded, and when the user accesses

Re: [Mimedefang] hide internal host names?

2004-03-10 Thread David F. Skoll
On Wed, 10 Mar 2004, J.D. Bronson wrote: > Is it possible to have MIMEDefang strip off internal IPs and machine names? > (yet still deliver the mail?) Yes, with appropriate use of action_delete_header. But please don't do this. It will cause trouble in the end. Regards, David. ___

Re: [Mimedefang] "special use" IPv4 addresses to consider: RFC 3330

2004-03-10 Thread Jon R. Kibler
Jeremy Mates wrote: > RFC 3330 - Special-Use IPv4 Addresses covers such RFC 1918 subnets along > with other special cases: > The authoritative list of bogus IP address can be found at: http://www.cymru.com/Documents/bogon-dd.html Jon K. -- Jon R. Kibler Chief Technical Officer A.S.E.T.,

[Mimedefang] hide internal host names?

2004-03-10 Thread J.D. Bronson
Is it possible to have MIMEDefang strip off internal IPs and machine names? (yet still deliver the mail?) ..Please don't lecture me on why I want to do this...but if you know HOW -presuming it's possible- please tell me. Thanks :) -JDB ___ Visit http:/

RE: [Mimedefang] Ram based directory on FreeBSD 5.2x

2004-03-10 Thread Michael Haro
From the man page: -w user:group Set the owner and group to user and group, respectively. The arguments have the same semantics as with chown(8), but specifying just a user or just a group is not supported. -Original Message- From: Kayne Kru

Re: [Mimedefang] starting on freebsd 5.2.1

2004-03-10 Thread Jim Hatfield
On Tue, 9 Mar 2004 14:43:28 - , in local.mimedefang you wrote: >I was wondering (yet another newbie question here) how people >started mimedefang on freebsd 5.2.x ? > >Normally I toss extras app's into /usr/local/etc/rc.d, but I need >mimedefang to start BEFORE sendmail does of course... It d

Re: [Mimedefang] Side effect of stream_by_recipient

2004-03-10 Thread Jim Hatfield
On Tue, 9 Mar 2004 13:28:29 - , in local.mimedefang you wrote: >On Tue, 9 Mar 2004, Jim Hatfield wrote: > >> Then what I want to do is to call action_bounce if there are no >> recipients left. But how can I do that if delete_recipient doesn't >> change the Recipients array? > >You need to do y