Re: [Mimedefang] multi AV scanners

2004-05-11 Thread Stewart James
> Stewart's patch is probably the "MIMEDefang way" -- it does after all > introduce another ugly global variable. :-) > > I will apply the patch for the next release. MIMEDefang 3.0 in the > far-distant future will clean up all the global variables and provide > a proper Perl object-oriented int

Re: [Mimedefang] multi AV scanners

2004-05-11 Thread David F. Skoll
On Tue, 11 May 2004, Royce Williams wrote: > David, I feel as though we're grasping at straws here. You probably > either think that we're barking up the wrong tree, or have an opinion on > how to DTRT here. :) What's the "MIMEDefang way" to do this? Stewart's patch is probably the "MIMEDefang

Re: [Mimedefang] multi AV scanners

2004-05-11 Thread Royce Williams
On 5/11/2004 4:55 PM, Stewart James wrote: If anyone who is interested in this can have a glance at the patch for and let me know if they see a fault I would be grateful. I would be happy to run this locally, but I would only really want to do that if it had a chance of entering MD proper at some

RE: [Mimedefang] multi AV scanners

2004-05-11 Thread Stewart James
Continued from previous message (why is send and attach so close in evolution?) > > Finally this was done on mimedefang.pl that comes with Debian Unstable: > 2.42-1 Attached is the patch. Regards, Stewart James --- /usr/bin/mimedefang.pl 2004-05-04 19:46:41.0 +1000 +++ mimedefang.pl 2004

RE: [Mimedefang] multi AV scanners

2004-05-11 Thread Stewart James
> From a different perspective it would seem perhaps appropriate to have a > Variable $VirusScannerName set by the various routines that invoke virus > scanners e.g. This would mean the Name of the scanner would be available > to mimedefang-filter as VirusScannerMessage is. > > It does not look to

Re: [Mimedefang] multi AV scanners

2004-05-11 Thread Royce Williams
On 5/10/2004 10:26 PM, Stewart James wrote: Second, Looking at the log entries there is nothing that shows which scanner detected the virus. Now, this would be quite beneficial. Considering it would be cool to be able to do reports saying clam found 100% - trend never found them (because clam is r

Re: [Mimedefang] OT: Auxillary Spamassassin Rules?

2004-05-11 Thread Patrick Morris
John Barton wrote: Also, I was considering implementing Bayesian filtering, but my current setup would require a single bayes database for the whole system. I have read through the archives and seen it mentioned, but am curious about people's experience running a site wide bayes setup. I know it

[Mimedefang] OT: Auxillary Spamassassin Rules?

2004-05-11 Thread John Barton
Greetings, I currently run about 6 mail servers with about 25,000 accounts total across all the systems. I am getting a lot of email spam getting past the standard SA rules, and I'm considering using some of the supplemental rules that are available. I have started using RulesDeJour to keep a s

Re: [Mimedefang] piperd?

2004-05-11 Thread Royce Williams
On 5/10/2004 4:52 AM, Kevin A. McGrail wrote: and someone might be able to give you a hint how to increase the file descriptors in FreeBSD. It might be a simple use of the limit or ulimit command but that's out of my expertise. http://www.freebsd.org/doc/en/books/handbook/configtuning-kernel-limi

Re: [Mimedefang] wallon email link viruses

2004-05-11 Thread WBrown
[EMAIL PROTECTED] wrote on 05/11/2004 01:44:11 PM: > There's a virus that uses a technique I've never heard of a virus using > before. It sends a link to itself in an HTML email. Users click on the > link and then an IE vulnerability allows the virus to install itself. > > http://secunia.com/v

[Mimedefang] wallon email link viruses

2004-05-11 Thread Matthew . van . Eerde
There's a virus that uses a technique I've never heard of a virus using before. It sends a link to itself in an HTML email. Users click on the link and then an IE vulnerability allows the virus to install itself. http://secunia.com/virus_information/9323/ Is there a way to use MIMEDefang agains

RE: [Mimedefang] FW: final fillter setup

2004-05-11 Thread Matthew . van . Eerde
> From: Andrew Jayes [mailto:[EMAIL PROTECTED] > " It would be useful to tell the owner of the infected PC, but there is > no way to determine who it is." > > Unless the mail is 'not forged' and was actually sent by that > sender address. > > Andrew action_bounce() works wonders here. Only peo

RE: [Mimedefang] FW: final fillter setup

2004-05-11 Thread Paul Murphy
In my experience, in the last year the only virus notifications I have seen pass through our servers have had a forged sender address - the message received was advising us that we had sent a virus, when in fact we had not, and could prove that from the fact that we scan outbound as well as inbound

RE: [Mimedefang] FW: final fillter setup

2004-05-11 Thread Andrew Jayes
Hey, " It would be useful to tell the owner of the infected PC, but there is no way to determine who it is." Unless the mail is 'not forged' and was actually sent by that sender address. My point being that I would like to tell my clients if they have accidentally sent in an email containing a

Re: [Mimedefang] using quotes "" in a score item

2004-05-11 Thread Jim McCullars
On Tue, 11 May 2004, Jerry K wrote: > Can I do something like this in my sa-mimedefang.cf file. > > score "mort gage" .5 I think what you want is something like this: body UAH_OBFUSCATED_MORTGAGE /mort.gage/i describe UAH_OBFUSCATED_MORTGAGE Attempts to obfuscate the word "mortgage" sco

RE: [Mimedefang] FW: final fillter setup

2004-05-11 Thread David F. Skoll
On Tue, 11 May 2004, Andrew Jayes wrote: > Unless the mail is 'not forged' and was actually sent by that sender address. I haven't seen a virus in over a year that does *not* forge the sender address. The proper way to deal with this kind of thing, if you wish to leave open the possibility of se

Re: [Mimedefang] mimedefang on debian

2004-05-11 Thread Christoph Martin
Patrick Morris <[EMAIL PROTECTED]> writes: > Been using MIMEDefang on Debian for years now with no issues. If > it's a production server, I'd recommend the Stable Debian release. There is no MIMEDefang version in the stable Debian release, since it is about two years old. Use the version from

[Mimedefang] Executables != MS Office documents

2004-05-11 Thread Jonas Eckerman
I'm not sure if it's ever been exploited or not, but considering that on at least one machine here MS Office helpfully executes any DOS/Win binary executable files with a .doc or .xls extensions, I've put the following in my filter: $office_exts = '(doc|xml|dot|rtf|wps|xls|xlt|csv|xlw|wk4|wk3|w

Re: [Mimedefang] MIMEDefang 2.43 is released

2004-05-11 Thread David F. Skoll
On Tue, 11 May 2004, Rich West wrote: > Dumb question, but where, now, is the HELO argument accessible? In filter_sender or filter_recipient or any of the body filtering functions. > With this change, my filter_relay will no longer function... what would > be the recommended alternative? Move t

RE: [Mimedefang] FW: final fillter setup

2004-05-11 Thread David F. Skoll
On Tue, 11 May 2004, Andrew Jayes wrote: > I do take your point and agree with you. But I am also aware that > most of our mail comes from the general public and small companies > that do not have much in the way of anti-virus know how. In these > instances it would be nice to inform them to che

RE: [Mimedefang] MIMEDefang 2.43 is released

2004-05-11 Thread Cormack, Ken
> Dumb question, but where, now, is the HELO argument accessible? Rich, I sent this reply to a similar post, just a couple days ago. It will fix your helo check. Where I had the following in filter_relay(): #sub filter_relay { # # my ($hostip, $hostname, $helo) = @_; I now use this, in filt

[Mimedefang] using quotes "" in a score item

2004-05-11 Thread Jerry K
Can I do something like this in my sa-mimedefang.cf file. score "mort gage" .5 where the item in quotes has white space. I realize that this is a simple question, but I haven't really seen anything that addresses this in the documentation. I have noticed a trend where a spammer will hammer my

Re: [Mimedefang] MIMEDefang 2.43 is released

2004-05-11 Thread Rich West
Dumb question, but where, now, is the HELO argument accessible? With this change, my filter_relay will no longer function... what would be the recommended alternative? sub filter_relay () { my($hostip, $hostname, $helo) = @_; # Can't be "wesmo.com" unless it's one of our IP's. if ($helo =~

Re: [Mimedefang] Spamassassin 3.0 + MD 2.42

2004-05-11 Thread Nelson1
Here is SPF check I am using in mimedefang-filter. Was thinking of moving to filter_begin so action_add_header would work. Logging SPF info to /etc/mail/spflist (amazing how many non-spammers send us e-mail as ourselves). Also sendmail had trouble returning the "%40" in $smtp_comment so removed

RE: [Mimedefang] FW: final fillter setup

2004-05-11 Thread WBrown
[EMAIL PROTECTED] wrote on 05/11/2004 11:28:35 AM: > Thanks for the advice, > I do take your point and agree with you. But I am also > aware that most of our mail comes from the general public and > small companies that do not have much in the way of anti-virus know > how. In these

RE: [Mimedefang] FW: final fillter setup

2004-05-11 Thread Joseph Brennan
--On Tuesday, May 11, 2004 4:28 PM +0100 Andrew Jayes <[EMAIL PROTECTED]> wrote: Thanks for the advice, I do take your point and agree with you. But I am also aware that most of our mail comes from the general public and small companies that do not have much in the wa

[Mimedefang] HTML boilerplate probs

2004-05-11 Thread Chris Masters
Hi All, I did a search but couldn't find anything relevant. I'm calling the boilertext functions like: [code] append_text_boilerplate($entity,"\n\n" . $disclaimer, 0); append_html_boilerplate($entity,"" . $disclaimer . "", 0); [/code] The problem is that append_html_boilerplate will append a di

RE: [Mimedefang] FW: final fillter setup

2004-05-11 Thread Andrew Jayes
Thanks for the advice, I do take your point and agree with you. But I am also aware that most of our mail comes from the general public and small companies that do not have much in the way of anti-virus know how. In these instances it would be nice to inform them to ch

[Mimedefang] Executables != MS Office documents

2004-05-11 Thread Jonas Eckerman
I'm not sure if it's ever been exploited or not, but considering that on at least one machine here MS Office helpfully executes any DOS/Win binary executable files with a .doc or .xls extensions, I've put the following in my filter: $office_exts = '(doc|xml|dot|rtf|wps|xls|xlt|csv|xlw|wk4|wk3|w

RE: [Mimedefang] FW: final fillter setup

2004-05-11 Thread Kayne Kruse
> What I would like to see is spam being quarantined with no > bounce, And viruses being quarantined with a bounce. That way > anyone who may have sent a virus can check their system just > in case. And spammers do not receive a reply to indicate my > presence at the address. Most here would a

[Mimedefang] FW: final fillter setup

2004-05-11 Thread Andrew Jayes
Hi, I nearly have my server ready now, just some last minute adjustments to make to the filter. Is there a way that I can quarantine everything marked as spam or virus? Or do I need to 'action_Quarintine' at the end of every sub routine? What I would like to see is spam being quaranti