hi all,
in hindsight of the current outlook worm, and the frequency in that these worms arise, i want to block any mail to my mailserver that comes from any ms software. currently im using qmail on suse 6.4. (yo, i know 6.4 is old, but it runs fine, so why update ? ;-) does anyone have experience how to do so ?? since im sure the time between new worms will get shorter and shorter, this is my "last solution" on my server for that.
greets,
chris
-- 
visit me:
http://mamalala.de - jmax audio related
http://video.mamalala.de - jmax video related
irc.openprojects.net - channel #jmax
In general, this can't be done. There is nothing in the SMTP protocol
that carries any identification of the client OS. Depending on the MTA,
you can block attachments. You also can block by client's domain,
sender's domain, etc.
Jeffrey
Quoting Christian Klippel
hi all,
in hindsight of the current outlook worm, and the frequency in that these worms arise, i want to block any mail to my mailserver that comes from any ms software. currently im using qmail on suse 6.4. (yo, i know 6.4 is old, but it runs fine, so why update ? ;-) does anyone have experience how to do so ?? since im sure the time between new worms will get shorter and shorter, this is my "last solution" on my server for that.
greets,
chris
-- I don't do Windows and I don't come to work before nine. -- Johnny Paycheck
hi jeffrey,
but each header contains which mailer is used. since addresses/domains etc. can be blocked, i think blocking by user agent should be possible also, but didnt find any pointers on how to do so in the docs yet...... i know that blocking by the user agent is a brutal method, but as im not feeling responsible to cure mails sent by bad user agents, and even more, because it is _not_ my job to keep the net clean of such worms, this is the only way i see. its the job of the ones who wrote that mailer software to take care that such worms can not spread by using their software ! as long as people set filters/worm&virus-scanners on their mail servers, we will never get rid of that problem, because the users almost dont realize that it is _their mailer_ that makes these bad things. only way (for me) is to block these malicious mailers in general, so people that want to use our server _must_ use a mailer that is somewhat safer than ms-crap. then, and _only_ then, the situation can be changed. another reason is, that i dont want to have bandwidth wasted by receiving such mails, only to delete them afterwards. so its better to not accept them in general.....
greets,
chris
On Wednesday, 28 November 2001 02:09, Jeffrey Taylor wrote:
In general, this can't be done. There is nothing in the SMTP protocol that carries any identification of the client OS. Depending on the MTA, you can block attachments. You also can block by client's domain, sender's domain, etc.
Jeffrey
Quoting Christian Klippel:
hi all,
in hindsight of the current outlook worm, and the frequency in that these worms arise, i want to block any mail to my mailserver that comes from any ms software. currently im using qmail on suse 6.4. (yo, i know 6.4 is old, but it runs fine, so why update ? ;-) does anyone have experience how to do so ?? since im sure the time between new worms will get shorter and shorter, this is my "last solution" on my server for that.
greets,
chris
-- visit me: http://mamalala.de - jmax audio related http://video.mamalala.de - jmax video related irc.openprojects.net - channel #jmax
* Christian Klippel (ck@mamalala.de) [011127 16:59]:
in hindsight of the current outlook worm, and the frequency in that these worms arise, i want to block any mail to my mailserver that comes from any ms software. currently im using qmail on suse 6.4. (yo, i know 6.4 is old, but it runs fine, so why update ? ;-) does anyone have experience how to do so ??
That's tough to do reliably since all schemes are probably going to end looking through the headers for MS "signatures" (e.g., outlook, MS, etc.). I'm not familiar with any qmail patches that allow postfix-style regex matching on headers but I'm sure some exist.
I guess I would just do it with procmail:
    :0H
    * ^.*(outlook|ms)
    /dev/null
There might be some header that's specific to MS mail but I don't know. Of course, you'll want to come up with a good regular expression that matches MS stuff but incorrectly match non-MS stuff.
-- 
-ckm
Christopher Mahmood wrote:
* Christian Klippel (ck@mamalala.de) [011127 16:59]:
in hindsight of the current outlook worm, and the frequency in that these worms arise, i want to block any mail to my mailserver that comes from any ms software. currently im using qmail on suse 6.4. (yo, i know 6.4 is old, but it runs fine, so why update ? ;-) does anyone have experience how to do so ??
That's tough to do reliably since all schemes are probably going to end looking through the headers for MS "signatures" (e.g., outlook, MS, etc.). I'm not familiar with any qmail patches that allow postfix-style regex matching on headers but I'm sure some exist.
I guess I would just do it with procmail:
    :0H
    * ^.*(outlook|ms)
    /dev/null
There might be some header that's specific to MS mail but I don't know. Of course, you'll want to come up with a good regular expression that matches MS stuff but incorrectly match non-MS stuff.
Wouldn't this affect something like
    Subject: outlook woes!
    Subject: Grimms fairy tales
                 ^^
as well??
Just curious
Juergen
-- 
Juergen Braukmann juergen.braukmann@gmx.de
Tel: 0201-743648 dk4jb@db0qs.#nrw.deu.eu
On Thu, Nov 29, 2001 at 10:29:56PM +0100 or thereabouts, Juergen Braukmann wrote:
I found that one of the easiest ways of doing this is to use Postfix, and let your daemon reject mail before it hits your MTA (in my case, procmail). This is done very neatly and quickly in your /etc/postfix/main.cf file. You can filter on headers and body using reg ex and pcre. Example, using a separate table called header_checks and another called body_checks in your /etc/postfix. Just add in your main.cf file, (the header_checks is already there, commented out)
    # pick one table type per parameter; if both lines are present, Postfix uses the last one
    header_checks = regexp:/etc/postfix/header_checks
    header_checks = pcre:/etc/postfix/header_checks
    body_checks = regexp:/etc/postfix/body_checks
    body_checks = pcre:/etc/postfix/body_checks
This is extremely fast and accurate. Just load up your tables, or take the examples from www.mrbill.net/postfix/ The work has been done already for you for the tables. One of the best ways I have found for anti-spam or virii.
-- 
Best regards,
Gary
Christopher Mahmood wrote:
* Christian Klippel (ck@mamalala.de) [011127 16:59]:
in hindsight of the current outlook worm, and the frequency in that these worms arise, i want to block any mail to my mailserver that comes from any ms software. currently im using qmail on suse 6.4. (yo, i know 6.4 is old, but it runs fine, so why update ? ;-) does anyone have experience how to do so ??
That's tough to do reliably since all schemes are probably going to end looking through the headers for MS "signatures" (e.g., outlook, MS, etc.). I'm not familiar with any qmail patches that allow postfix-style regex matching on headers but I'm sure some exist.
I guess I would just do it with procmail:
    :0H
    * ^.*(outlook|ms)
    /dev/null
There might be some header that's specific to MS mail but I don't know. Of course, you'll want to come up with a good regular expression that matches MS stuff but incorrectly match non-MS stuff.
Wouldn't this affect something like
Subject: outlook woes!
Subject: Grimms fairy tales
             ^^
as well??
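The false positive Juergen asks about and the header matching Gary describes, checked over constructed headers. This is an added example, not code from any poster in the thread; the X-Mailer pattern in TIGHT and all sample headers are assumptions made for illustration.

```python
import re
from email import message_from_string

# Condition from the procmail recipe in the thread. procmail conditions are
# case-insensitive and, with the H flag, are tested against the header block.
LOOSE = re.compile(r"^.*(outlook|ms)", re.IGNORECASE | re.MULTILINE)

# Assumed tighter rule (not from the thread): look only at the X-Mailer
# field and require its value to start with the client's product name.
# X-Mailer is written by the sending client, so a sender that omits or
# forges it is not caught by this rule either.
TIGHT = re.compile(r"Microsoft Outlook\b", re.IGNORECASE)

# Constructed sample headers; addresses and version strings are made up.
SAMPLES = {
    "outlook_express": [
        "From: sender@example.com",
        "Subject: Re: meeting",
        "X-Mailer: Microsoft Outlook Express 5.50",
    ],
    "outlook_subject": [
        "From: user@example.org",
        "Subject: outlook woes!",
        "X-Mailer: KMail [version 1.3.1]",
    ],
    "grimms": [
        "From: reader@example.org",
        "Subject: Grimms fairy tales",
        "User-Agent: Mutt/1.3.22i",
    ],
    "plain": [
        "From: anna@example.org",
        "Subject: lunch on friday",
        "User-Agent: Mutt/1.3.22i",
    ],
}


def classify(header_lines):
    """Return (loose_hit, tight_hit) for one message's header lines."""
    raw = "\n".join(header_lines) + "\n\n"
    loose_hit = LOOSE.search(raw) is not None
    msg = message_from_string(raw)
    mailers = msg.get_all("X-Mailer", [])
    tight_hit = any(TIGHT.match(value.strip()) for value in mailers)
    return loose_hit, tight_hit


def evaluate():
    """Classify every constructed sample with both rules."""
    return {name: classify(lines) for name, lines in SAMPLES.items()}


if __name__ == "__main__":
    for name, (loose, tight) in evaluate().items():
        print(f"{name:16} loose={loose!s:5} tight={tight}")
```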
Worms can't affect you if you are on Linux.
Arthur H. Johnson II arthur@linuxbox.nu The Linux Box http://www.linuxbox.nu
On Wed, 28 Nov 2001, Christian Klippel wrote:
hi all,
in hindsight of the current outlook worm, and the frequency in that these worms arise, i want to block any mail to my mailserver that comes from any ms software. currently im using qmail on suse 6.4. (yo, i know 6.4 is old, but it runs fine, so why update ? ;-) does anyone have experience how to do so ?? since im sure the time between new worms will get shorter and shorter, this is my "last solution" on my server for that.
greets,
chris
-- visit me: http://mamalala.de - jmax audio related http://video.mamalala.de - jmax video related irc.openprojects.net - channel #jmax
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
Of course they can. When code red (or was it nimda) struck, my network connection speed went through the floor. In effect, it is a DDoS attack. These worms affect the entire net, regardless of what OS you're running, and the sooner we get rid of them the better.
And let us all hold hands and pray that no one is ever foolish enough to write a mail client for linux with scripting abilities à la outlook.
//Anders
On Wednesday 28 November 2001 16:15, Arthur H. Johnson II wrote:
Worms can't affect you if you are on Linux.
Arthur H. Johnson II arthur@linuxbox.nu The Linux Box http://www.linuxbox.nu
On Wed, 28 Nov 2001, Christian Klippel wrote:
hi all,
in hindsight of the current outlook worm, and the frequency in that these worms arise, i want to block any mail to my mailserver that comes from any ms software. currently im using qmail on suse 6.4. (yo, i know 6.4 is old, but it runs fine, so why update ? ;-) does anyone have experience how to do so ?? since im sure the time between new worms will get shorter and shorter, this is my "last solution" on my server for that.
greets,
chris
-- visit me: http://mamalala.de - jmax audio related http://video.mamalala.de - jmax video related irc.openprojects.net - channel #jmax
Sure. I received a SirCam virus and for grins clicked on it to 'read' it. Much to my surprise it fired WINE and ended up dropping its payload into the WINE windows subdir and the windows trash subdir. That was all they did. Their payload was not effective. I could view them with a binary editor.
JLK
On Wednesday 28 November 2001 09:21, Anders Johansson wrote:
Of course they can. When code red (or was it nimda) struck, my network connection speed went through the floor. In effect, it is a DDoS attack. These worms affect the entire net, regardless of what OS you're running, and the sooner we get rid of them the better.
And let us all hold hands and pray that no one is ever foolish enough to write a mail client for linux with scripting abilities à la outlook.
//Anders
On Wednesday 28 November 2001 16:15, Arthur H. Johnson II wrote:
Worms can't affect you if you are on Linux.
Arthur H. Johnson II arthur@linuxbox.nu The Linux Box http://www.linuxbox.nu
On Wed, 28 Nov 2001, Christian Klippel wrote:
hi all,
in hindsight of the current outlook worm, and the frequency in that these worms arise, i want to block any mail to my mailserver that comes from any ms software. currently im using qmail on suse 6.4. (yo, i know 6.4 is old, but it runs fine, so why update ? ;-) does anyone have experience how to do so ?? since im sure the time between new worms will get shorter and shorter, this is my "last solution" on my server for that.
greets,
chris
-- visit me: http://mamalala.de - jmax audio related http://video.mamalala.de - jmax video related irc.openprojects.net - channel #jmax
Jerry Kreps wrote:
Sure. I received a SirCam virus and for grins clicked on it to 'read' it. Much to my surprise it fired WINE and ended up dropping its payload into the WINE windows subdir and the windows trash subdir.
Yeah, that binfmt_misc stuff in the kernel is going to cause problems for linux one of these days.
hi arthur,
though they can not damage my very personal computer, they steal away huge amounts of bandwidth. the last two days when i logged on my mail server via ssh it took about 2 seconds to get the echo from my keystrokes, because the network was heavily loaded ! and thus, they affect me very directly even im on linux ! and paying a 2mbit leased line only to have 90% of the bandwidth for spreading worms isnt what it is meant for ! (leased lines are very $$$$ here in germany, remember....)
greets,
chris
On Wednesday, 28 November 2001 16:15, Arthur H. Johnson II wrote:
Worms can't affect you if you are on Linux.
Arthur H. Johnson II arthur@linuxbox.nu The Linux Box http://www.linuxbox.nu
On Wed, 28 Nov 2001, Christian Klippel wrote:
hi all,
in hindsight of the current outlook worm, and the frequency in that these worms arise, i want to block any mail to my mailserver that comes from any ms software. currently im using qmail on suse 6.4. (yo, i know 6.4 is old, but it runs fine, so why update ? ;-) does anyone have experience how to do so ?? since im sure the time between new worms will get shorter and shorter, this is my "last solution" on my server for that.
greets,
chris
-- visit me: http://mamalala.de - jmax audio related http://video.mamalala.de - jmax video related irc.openprojects.net - channel #jmax
-- visit me: http://mamalala.de - jmax audio related http://video.mamalala.de - jmax video related irc.openprojects.net - channel #jmax
HI Chris et al ...
On Wednesday 28 November 2001 18:30, Christian Klippel wrote:
hi arthur,
though they can not damage my very personal computer, they steal away huge amounts of bandwidth. the last two days when i logged on my mail server via ssh it took about 2 seconds to get the echo from my keystrokes, because the network was heavily loaded ! and thus, they affect me very directly even im on linux ! and paying a 2mbit leased line only to have 90% of the bandwidth for spreading worms isnt what it is meant for ! (leased lines are very $$$$ here in germany, remember....)
greets,
chris
Just wondering what does a leased line cost here in Germany? Also how does it compare to DSL etc. BTW do you mean a T1 line?
Greetings!
-- 
Jim Hatridge
Linux User #88484
BayerWulf Linux System # 129656
The Recycled Beowulf Project
Looking for throw-away or obsolete computers and parts to recycle into a Linux super computer
hi jim,
we have currently both, a sdsl line with 2.3 mbit and a real leased line with 2mbit (leased line = a wire straight from us to the isp, with hispeed modems on each side ..... that modem pretty much looks like the telekom / dbp modems for datex p, they have the same housing ...) no, these are not normal modems as most of you know it ;-) the sdsl line runs into its sdsl modem, which has a builtin 10mbit hub. the leased one goes from the line modem into a cisco router. the costs are about 4.700 dm / month the leased line sdsl is about the half. but im not satisfied with the sdsl line .... the service isnt good, the transferrates are not guaranteed. seem that the xdsl technology is not reliable at the moment. the problem for us is simply that our old isp dies, thus the leased line is off at one time. and in the meantime we look what to use next. but as said, the sdsl we currently have isnt stable. the leased line, otoh, is very stable. never had a "out of service" for longer than 1 minute there, and not more then 3 times in 2 years. the sdsl was offline for about 30 hrs up to now, while we have it for 3 months now. what a ratio ! the funny thing is, that other people that hook on a sdsl line have the same experience, regardless of the provider. that makes me think about dsl in the moment twice. for private customers, dsl is a really great thing (tm) but for hooking up domains and usual inet services, it isnt that good for now ;( there must be a reason why it is so cheap compared to "real solutions" ;)
greets,
chris
On Thursday, 29 November 2001 17:04, Jim Hatridge wrote:
HI Chris et al ...
On Wednesday 28 November 2001 18:30, Christian Klippel wrote:
hi arthur,
though they can not damage my very personal computer, they steal away huge amounts of bandwidth. the last two days when i logged on my mail server via ssh it took about 2 seconds to get the echo from my keystrokes, because the network was heavily loaded ! and thus, they affect me very directly even im on linux ! and paying a 2mbit leased line only to have 90% of the bandwidth for spreading worms isnt what it is meant for ! (leased lines are very $$$$ here in germany, remember....)
greets,
chris
Just wondering what does a leased line cost here in Germany? Also how does it compare to DSL etc. BTW do you mean a T1 line?
Greetings!
-- visit me: http://mamalala.de - jmax audio related http://video.mamalala.de - jmax video related irc.openprojects.net - channel #jmax
participants (10): Anders Johansson, Arthur H. Johnson II, Christian Klippel, Christopher Mahmood, Gary, Jeffrey Taylor, Jerry Kreps, Jim Hatridge, Juergen Braukmann, zentara