MyDoom virus & Postfix setup
Has anyone succeeded in configuring Postfix to reject the MyDoom virus? Maybe by touching header_checks or some other trick. Thanks in advance for any help!
The Monday 2004-02-02 at 18:26 +0100, Enrique Arizón wrote:
> Has anyone succeeded in configuring Postfix to reject the MyDoom virus? Maybe by touching header_checks or some other trick.
> Thanks in advance for any help!

They come as .zip attaches, of different names, and from different
addresses. I doubt there is a common header :-?
Amavis catches them, but after they are downloaded :-(
For example, one of them:
|Received: from localhost (localhost [127.0.0.1])
| by nimrodel.valinor (Postfix) with ESMTP id AD84CD498A
| for
On TV I saw that they are already blaming the Worm/MyDoom.A2 on the Linux movement making war on SCO and M$ :-(
I sincerely doubt that... however, U.S. laws state that people who are hacking, can be charged and persecuted as terrorists. I sincerely doubt that Linux community at large is mobilizing against SCO as I sincerely doubt they have the capability of such mobilization, and would rather expect that the current political environment is using state terrorism against the internet community, for the purpose of being able to control the flow of information, that crosses it. Who is smarter on the long run, remains to be seen.

However, one of the things that can be done is to ascertain that rooted boxes are not allowed to be email relays. And that such boxes be blocked, when that occurs (called a blacklist). However, this does not seem to be the case in many situations and especially this past month or so. I've been bombarded with email from a rooted email server, tiscali.it ... with hoaxes, that come from a dialin line, at that ISP. And few of these "relays" are running linux ...
The Tuesday 2004-02-03 at 19:53 +0100, Örn Hansen wrote:
> On TV I saw that they are already blaming the Worm/MyDoom.A2 on the Linux movement making war on SCO and M$ :-(
> I sincerely doubt that... however, U.S. laws state that people who are hacking, can be charged and persecuted as terrorists. I sincerely doubt that Linux community at large is mobilizing against SCO as I sincerely doubt they

No, I didn't mean that to be the truth, just that "newsies" say so. What do they know, I wonder? If I have to judge by what we see on movies about hackers and computers...

> However, one of the things that can be done is to ascertain that rooted boxes are not allowed to be email relays. And that such boxes be blocked,

Sorry, what is a "rooted box"? Perhaps a cracked one, with a rootkit, isn't that?

> when that occurs (called a blacklist). However, this does not seem to be the case in many situations and especially this past month or so. I've been bombarded with email from a rooted email server, tiscali.it ... with hoaxes, that come from a dialin line, at that ISP. And few of these "relays" are running linux ...

Ah. I hate blacklists, because they hit the same way the innocent and the guilty; and there are more innocents than guilty. That's like gassing an entire building because there is a killer living in one of the flats. I know, I'm exaggerating: but I don't think any court on any country (or any democratic one) would impose that kind of punishment on everybody on a range just because somebody that happened to use an IP on that range for illegal uses.

Rather, the solution would be to force providers to take real action against those people. At least on my country (Spain), I know providers have long listings correlating the IP at a certain time with the phone number used for the connection (I have seen them): therefore the culprit can be caught if there is the serious intention to do so.

I heard the EEC politicians are talking of taking action against spammers. Let us hope they do it right.

--
Cheers,
Carlos Robinson
On Tuesday 03 February 2004 21:29, Carlos E. R. wrote:
> I hate blacklists, because they hit the same way the innocent and the guilty; and there are more innocents than guilty. That's like gassing an entire building because there is a killer living in one of the flats. I know, I'm exaggerating:

Well, you're not exaggerating by much.

> but I don't think any court on any country (or any democratic one) would impose that kind of punishment on everybody on a range just because somebody that happened to use an IP on that range for illegal uses.

Sometimes those ISPs don't even have a postmaster setup, nor even a person to watch the services.

> Rather, the solution would be to force providers to take real action against those people. At least on my country (Spain), I know providers have long listings correlating the IP at a certain time with the phone number used for the connection (I have seen them): therefore the culprit can be caught if there is the serious intention to do so.
> I heard the EEC politicians are talking of taking action against spammers. Let us hope they do it right.

And therein lies the problem. I seriously doubt they'll do it right. To take the political side of it, 90% of all spams are coming from ... you-know-where. But it's our dear John, these open source guys who are spread all over Europe who are attacking SCO (bingo). These EEC politicians don't have a clue about IT, and they are generally working out of pressure from you-know-where and not in the interest of their citizens. If it isn't the pressure that is dictating their ways, it's the dream of becoming an even bigger corporation than you-know-who. Both of which, do not take the general citizen into account. We'll always end up with the short end of the stick, as most of us aren't smart enough to see it coming and the rest of us are totally powerless to do anything about it.
The Wednesday 2004-02-04 at 13:56 +0100, Örn Hansen wrote:
> Sometimes those ISPs don't even have a postmaster setup, nor even a person to watch the services.

To reach customer service for some of these biggies (Terra/Lycos, for instance) we have to phone one of those numbers charging about half an euro or more per minute. :-(

--
Cheers,
Carlos Robinson
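
Added example, not part of the original thread: the sender and subject vary from message to message, but each attachment's own MIME headers carry its file name, which is what Postfix's mime_header_checks inspects one logical header at a time. The Python code below emulates that per-header test on constructed messages; the extension list, `sample()` and `check_message()` are assumptions made for illustration.

```python
import re
from email import message_from_string

# Assumed policy: the thread only mentions .zip attachments; the other
# extensions are illustrative and should be tuned per site.
BLOCKED_EXT = ("zip", "exe", "pif", "scr")

# Same shape as a mime_header_checks pcre rule: test the name=/filename=
# parameter of Content-Type / Content-Disposition and nothing else.
# Limitation: RFC 2231 "filename*=" encoded names are not matched.
RULE = re.compile(
    r'^Content-(?:Disposition|Type):.*name\s*=\s*"?([^";]*\.(?:%s))"?\s*(?:;|$)'
    % "|".join(BLOCKED_EXT),
    re.IGNORECASE,
)

def check_message(raw):
    """Return ('REJECT', filename) for the first blocked attachment name,
    else ('DUNNO', None). Folded headers are unfolded before matching."""
    msg = message_from_string(raw)
    for part in msg.walk():              # top-level headers, then each MIME part
        for name, value in part.items():
            logical = "%s: %s" % (name, " ".join(value.split()))
            m = RULE.match(logical)
            if m:
                return ("REJECT", m.group(1))
    return ("DUNNO", None)

def sample(sender, subject, filename):
    """Constructed test message (not a captured worm sample)."""
    return (
        "From: %s\nSubject: %s\nMIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nbody text\n"
        "--b1\nContent-Type: application/octet-stream;\n"
        ' name="%s"\nContent-Transfer-Encoding: base64\n'
        'Content-Disposition: attachment;\n filename="%s"\n\n'
        "AAAA\n--b1--\n" % (sender, subject, filename, filename)
    )

if __name__ == "__main__":
    for args in (("a@example.com", "hi", "document.zip"),
                 ("b@example.org", "status", "readme.ZIP"),
                 ("c@example.net", "report", "report.zip.pdf")):
        print(args[2], "->", check_message(sample(*args)))
```

A rule this broad also refuses legitimate .zip mail, so it trades false positives for stopping the message before it is accepted.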
participants (3)
- Carlos E. R.
- Enrique Arizón
- Örn Hansen