Hello! Just as, probably, some of you, I am tired of getting tons of 150kb messages containing yet-another-worm-for-Windows. Does anybody have good advice about how I could use procmail on my server to filter it out? How to bounce it?
The 03.09.23 at 23:55, Vitaly Shishakov wrote:
Just as, probably, some of you, I am tired of getting tons of 150kb messages containing yet-another-worm-for-Windows. Does anybody have good advice about how I could use procmail on my server to filter it out?
Search the list, this has been commented on several times this month - two by myself this week. -- Cheers, Carlos Robinson
Carlos E. R. wrote:
The 03.09.23 at 23:55, Vitaly Shishakov wrote:
Just as, probably, some of you, I am tired of getting tons of 150kb messages containing yet-another-worm-for-Windows. Does anybody have good advice about how I could use procmail on my server to filter it out?
Search the list, this has been commented on several times this month - two by myself this week.
Carlos, and everyone,
Since we are again on this subject, and I know this has been addressed a great deal, I am still a little fuzzy/confused about the whole email/network security approach. I have been trying to read various articles found on the web, but I'll admit I am a bit new to admin activities, as well as apprehensive until I have a very thorough understanding of the approach. I am currently just using Mozilla to access my ISP's mail server directly. This, I know, is not a very good approach, and I intend to change it once I have the process down pat.
My understanding of a good approach follows:
1. Firewall (of course, although I have not gotten there yet)
2. postfix - setup and operational
3. antivirus software (I've heard recommended: F-prot, antivir, and clam antivirus. Comments on these appreciated)
4. SpamAssassin
5. Amavis
And then make them all work together. Is this a good/safe approach? Any information on this will be greatly appreciated. I am also struggling through the man pages of some of these. Are there any good references available on the web for getting all this configured? I know that Togan has a great guide for firewall2, which I am currently reading, but how about the rest of these and making it all work together?
TIA, Darrell Cormier
* Darrell Cormier;
Carlos E. R. wrote: My understanding of a good approach follows:
1. Firewall (of course, although I have not gotten there yet)
2. postfix - setup and operational
3. antivirus software (I've heard recommended: F-prot, antivir, and clam antivirus. Comments on these appreciated)
4. SpamAssassin
5. Amavis
And then make them all work together. Is this a good/safe approach? Any information on this will be greatly appreciated. I am also struggling through the man pages of some of these. Are there any good references available on the web for getting all this configured? I know that Togan has a great guide for firewall2, which I am currently reading, but how about the rest of these and making it all work together?
I would go for a proxy setup for the services I will be accessing on the internet, and would again choose a proxy setup for the services I will be offering to the internet.
1. Firewall: following the Unofficial guide should get you up and running.
2,3,4,5) As I see it, all Mail Transport Agents (postfix, sendmail) actually do proxying (they relay mail for other MTAs). Use fetchmail to download the mail from your ISP, let it hand it over to postfix, which should hand it over to a content filter (antivir is free for private use), and let the content filter deliver the mail back to postfix, which should relay it to your internal mail server.
Use squid for http proxying; use ftp-proxy, which comes with proxy-suite, for ftp access. I use tircproxy for IRC proxying.
Use Xntp for time setup, configure the one on the firewall to get synced with pool.ntp.org, and then allow it to act as a time server for your internal machines.
Make sure you chroot all services you are offering.
Himm, maybe I should start writing a guide on this subject rather than preparing the final version of the susefirewall2 guide.
Have a nice weekend
-- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
Togan Muftuoglu wrote:
* Darrell Cormier;
on 26 Sep, 2003 wrote: <snip> I would go for a proxy setup for the services I will be accessing on the internet, and would again choose a proxy setup for the services I will be offering to the internet.
1. Firewall: following the Unofficial guide should get you up and running.
2,3,4,5) As I see it, all Mail Transport Agents (postfix, sendmail) actually do proxying (they relay mail for other MTAs). Use fetchmail to download the mail from your ISP, let it hand it over to postfix, which should hand it over to a content filter (antivir is free for private use), and let the content filter deliver the mail back to postfix, which should relay it to your internal mail server.
Use squid for http proxying; use ftp-proxy, which comes with proxy-suite, for ftp access. I use tircproxy for IRC proxying.
Use Xntp for time setup, configure the one on the firewall to get synced with pool.ntp.org, and then allow it to act as a time server for your internal machines. Make sure you chroot all services you are offering.
Himm, maybe I should start writing a guide on this subject rather than preparing the final version of the susefirewall2 guide.
Have a nice weekend
Thanks for the responses Bruce and Togan.
Togan, can this setup be configured on a stand-alone box? By this, I mean that I have only one PC, which I dual boot between WinXP (as seldom as possible) and SuSE 8.2. I know this will not work when I boot up into Windows, but will it work fine in Linux, or is it not feasible?
OR
Would it be much more efficient and robust if I had a second computer (even if it were a Pentium MMX) that was primarily for this firewall/antivir/mail_server/proxy/router purpose?
Please give me your feelings on both options.
Thanks, Darrell
* Darrell Cormier;
Can this setup be configured on a stand-alone box? By this, I mean that I have only one PC, which I dual boot between WinXP (as seldom as possible) and SuSE 8.2. I know this will not work when I boot up into Windows, but will it work fine in Linux, or is it not feasible?
I personally would not recommend this option, although it will work in Linux.
OR
Would it be much more efficient and robust if I had a second computer (even if it were a Pentium MMX) that was primarily for this firewall/antivir/mail_server/proxy/router purpose?
Please give me your feelings on both options.
This is what I would go for, as with my desktop, be it WinXP or SuSE, I can surf with a feeling of being secure, reading my mails without the worry of a nasty virus (make sure you update the antivirus frequently and do not open attachments you are unsure of). If you install an IMAP server on the firewall, then you can have all your mails available to you on both systems. Make sure it is secured.
As a paranoiac (yes, I can be a case study), all the internal LAN machines are firewalled as well, along with antivirus software on every single one of them, regardless of the operating system they run.
Night-time reading, a must: Building Internet Firewalls, Second Edition, by Elizabeth D. Zwicky, Simon Cooper & D. Brent Chapman. Start with the sample chapter http://www.oreilly.com/catalog/fire2/chapter/ch13.html
Happy reading :-)
-- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
Togan Muftuoglu wrote:
* Darrell Cormier;
on 26 Sep, 2003 wrote: Can this setup be configured on a stand-alone box? By this, I mean that I have only one PC, which I dual boot between WinXP (as seldom as possible) and SuSE 8.2. I know this will not work when I boot up into Windows, but will it work fine in Linux, or is it not feasible?
<snip> Building Internet Firewalls, Second Edition By Elizabeth D. Zwicky, Simon Cooper, & D. Brent Chapman
Start with the sample chapter http://www.oreilly.com/catalog/fire2/chapter/ch13.html
Happy reading :-)
Thanks, I will look that up. I am almost ready to start; hopefully this will get me to that point. D.C.
On Friday 26 September 2003 11:11 am, Darrell Cormier wrote:
Carlos E. R. wrote:
The 03.09.23 at 23:55, Vitaly Shishakov wrote:
Just as, probably, some of you, I am tired of getting tons of 150kb messages containing yet-another-worm-for-Windows. Does anybody have good advice about how I could use procmail on my server to filter it out?
Search the list, this has been commented on several times this month - two by myself this week.
Carlos, and everyone, since we are again on this subject, and I know this has been addressed a great deal, I am still a little fuzzy/confused about the whole email/network security approach. I have been trying to read various articles found on the web, but I'll admit I am a bit new to admin activities, as well as apprehensive until I have a very thorough understanding of the approach. I am currently just using Mozilla to access my ISP's mail server directly. This, I know, is not a very good approach, and I intend to change it once I have the process down pat.
My understanding of a good approach follows:
1. Firewall (of course, although I have not gotten there yet)
Definitely... I use shorewall
2. postfix - setup and operational
Good but you can receive mail without it.
3. antivirus software (I've heard recommended: F-prot, antivir, and clam antivirus. Comments on these appreciated)
I personally don't think it's necessary and don't ever filter for virii.
4. SpamAssassin
Very good. And you'll probably need procmail in order to call SA.
5. Amavis
Isn't this a virus checker? You'll probably also want fetchmail to get incoming mail from your ISP.
And then make them all work together. Is this a good/safe approach? Any information on this will be greatly appreciated. I am also struggling through the man pages of some of these. Are there any good references available on the web for getting all this configured? I know that Togan has a great guide for firewall2, which I am currently reading, but how about the rest of these and making it all work together?
TIA, Darrell Cormier
--
+ Bruce S. Marshall bmarsh@bmarsh.com Bellaire, MI 09/26/03 11:55 +
"We seem to believe it is possible to ward off death by following rules of good grooming." - Don Delillo
The 03.09.26 at 10:11, Darrell Cormier wrote:
Since we are again on this subject, and I know this has been addressed a great deal, I am still a little fuzzy/confused about the whole email/network security approach.
Me too, sometimes :-)
I have been trying to read various articles found on the web, but I'll admit I am a bit new to admin activities, as well as apprehensive until I have a very thorough understanding of the approach.
It is much better that than to be carefree.
I am currently just using Mozilla to access my ISP's mail server directly. This, I know, is not a very good approach, and I intend to change it once I have the process down pat.
Why? It is a good enough way. It is not the only way, not necessarily the best, nor the worst.
My understanding of a good approach follows:
1. Firewall (of course, although I have not gotten there yet)
2. postfix - setup and operational
3. antivirus software (I've heard recommended: F-prot, antivir, and clam antivirus. Comments on these appreciated)
4. SpamAssassin
5. Amavis
Antivirus is not necessary in Linux, but I also have it - at least, to know when I do get a contaminated email. But many of the newer viruses go undetected. Amavis is good, and can be used with several different antivirus programs. Then, unless you have your own domain, you also need fetchmail or equivalent (and probably procmail) to get mail from your ISP accounts.
And then make them all work together. Is this a good/safe approach?
Good, yes. Safe, probably... but what is safe on a permanent connection? -- Cheers, Carlos Robinson
The best answer is to use 'amavis-postfix' or 'amavis-sendmail', which is contained in the SuSE distro. I just installed it in our system and it does a good job. As detection engine you might use the free virus scanner f-prot from www.f-prot.com (using a cron entry calling 'check-updates.pl', it updates the virus definitions daily).
It is easy to set up a personal filter with procmail:
<<<< 1. Create script ~/bin/fprotwrapper

    #!/bin/sh
    # Receive the message (header and body) from procmail on stdin, save it to
    # a private temp file and run f-prot over it. f-prot returns 3 when it
    # finds a virus; pass that on, and report 0 (clean) for everything else.
    tf=$(mktemp /tmp/viruscheck.XXXXXX) || exit 1   # unpredictable name, mode 0600
    cat - > "$tf"
    /usr/local/f-prot/f-prot -silent "$tf"
    a=$?
    rm -f "$tf"
    if test "$a" -eq 3
    then exit "$a"
    else exit 0
    fi

<<<< 2. chmod 755 ~/bin/fprotwrapper
<<<< 3. Write the following lines to ~/.procmailrc

    :0HB:
    * ! ? ~/bin/fprotwrapper
    virusmail

<<<< 4. echo '|procmail' > ~/.forward
Your virus mail will then be stored in a mailbox called virusmail, perhaps in a folder ~/Mail/, so better make sure the folder exists.
K.
On Tue, Sep 23, 2003 at 11:55:44PM -0500, Vitaly Shishakov wrote:
Just as, probably, some of you, I am tired of getting tons of 150kb messages containing yet-another-worm-for-Windows. Does anybody have good advice about how I could use procmail on my server to filter it out?
-- Kaupo Palo Evotec Technologies GmbH
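As an added example (not part of Kaupo's post, and not f-prot's or procmail's own code): a drop-in for the wrapper above that needs no virus scanner, for the case Bruce and Vitaly describe of simply diverting the mass-mailer attachments. It keeps the wrapper's exit-code contract (3 = quarantine, 0 = deliver), so the same :0HB: recipe works unchanged; the script name exewrapper, the extension list and the two sample messages are my own constructions.

```shell
#!/bin/sh
# exewrapper (added example, not from the thread): a procmail condition script
# with the same contract as fprotwrapper. It reads one message (header and
# body) on stdin and returns 3 when the message belongs in the virusmail box,
# 0 otherwise, so this recipe works unchanged:
#   :0HB:
#   * ! ? $HOME/bin/exewrapper
#   virusmail
# No scanner is needed: any MIME part that advertises a Windows-executable
# filename is quarantined, which is how the 2003 mass mailers travelled.

# Extensions to quarantine (constructed list, extend to taste).
EXE_EXTS='exe|pif|scr|bat|com|vbs|cpl'
# Matches Content-Type name= and Content-Disposition filename= parameters,
# quoted or bare, case-insensitively (grep -i), ending in one of EXE_EXTS.
EXE_RE='(^|[[:space:];])(file)?name="?[^";]*\.('"$EXE_EXTS"')"?[[:space:]]*(;|$)'

# scan_message: reads a message on stdin, prints EXE or OK.
scan_message() {
    if grep -Eiq "$EXE_RE"; then echo EXE; else echo OK; fi
}

# exewrapper: the procmail-facing entry point; 3 = quarantine, 0 = deliver.
exewrapper() {
    [ "$(scan_message)" = EXE ] && return 3
    return 0
}

# Constructed sample messages (not real mail) for trying the filter offline.
WORM_MSG='Subject: Your details
Content-Type: multipart/mixed; boundary="x"

--x
Content-Type: application/octet-stream; name="your_details.pif"
Content-Disposition: attachment; filename="your_details.pif"

TVqQAAMAAAAEAAAA
--x--'
CLEAN_MSG='Subject: report
Content-Type: multipart/mixed; boundary="y"

--y
Content-Type: application/pdf; name="report.pdf"
Content-Disposition: attachment; filename="report.pdf"

JVBERi0x
--y--'

# Act as the procmail condition only when executed under that name, so the
# functions can also be sourced or tested without consuming stdin.
case "${0##*/}" in exewrapper) exewrapper; exit $? ;; esac
```

Install it as ~/bin/exewrapper with chmod 755, exactly like fprotwrapper; a `* > 100000` line added to the recipe restricts the check to the large messages Vitaly complained about.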
participants (6)
- Bruce Marshall
- Carlos E. R.
- Darrell Cormier
- Kaupo Palo
- Togan Muftuoglu
- Vitaly Shishakov