On Fri, 2004-06-04 at 11:56, Arjen de Korte wrote:
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_auth_destination,
    reject
Can't remember why I stopped using smtpd_recipient_restrictions
(I think I was still trying out various configurations with content
filters, as I use Trend InterScan VirusWall, which always connects as
localhost; I have fixed this now with the
content_filter=smtp:[localhost]:10026 string and editing my master.cf to
match this nicely).
Your (quite minimal) configuration will not stop the virus in question, the
sender host matches all criteria you listed here. I have no problems in
stopping the viruses entering my system (a single RBL in
smtpd_client_restrictions is sufficient in case of the 'dip.t-dialin.net'
senders), it is the virus warnings from perfectly legitimate systems that are
bothering me.
Yup, I started a string about these some months ago (when I needed
coffee and a break from users wasting my time by insisting they had a
virus as user@somewhere told them so).
[snip my previous]
From: "Barry Gill"
Date: Thu, 11 Mar 2004 09:40:28 +0200
Message-ID:
Subject: [suse-security] Anti-Virus reports
Hello All.
As most of you are technical, you should for the most part be in control
of, or have the ear of the person who is in control of your corporate
anti-virus solutions.
Please for the sake of the internet can you STOP your servers sending
virus notifications to the originators of the message as with today's
modern virii 90% of virii use spoofed "from:" addresses.
So, every time some poor person out there with MY name in their address
book, or contacts folder gets a virus, I get 3000 messages (as I am sure
do most of you on this list at least) telling me that I sent a virus to
someone I have never heard of in my life before.
This form of server administration is a very very poor form of security
as you are willfully informing people who have possibly never thought of
you or your servers before several key steps that it may have taken them
some time to figure out.
Things like...
Antigen for Exchange found
ScanMail for Microsoft Exchange took action on the message. The message
details were:
Symantec AVF detected an unrepairable
NAV for Microsoft Exchange
etc etc etc.
Sending out mass mailer responses to virii wastes as much resource as
coping with the virii themselves.
Stop wasting your and my bandwidth, send reports only to admin, check
the headers and if you receive mail from an address or domain often and
the headers check out, THEN notify the admin/postmaster of that domain.
I mean please, telling Lucy in the clerks dept about the fact that she
is sending virii to somebody she has never met in Luxembourg is only
going to cost her time and money as she will call out her IT people to
clean her "infected machine".
Sorry about the rant, this is just one of the most annoying things that
for some reason no-one ever seems to consider when setting up all this
AV stuff.
Barry
[/snip of my previous]
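
Added example, not part of the original thread or any poster's code: a Python sketch of the notification policy the quoted message asks for, where the report always goes to the local admin, never to the From: address, and to the sender domain's postmaster only when the headers check out. The local admin address, the sample messages, the function names and the "delivering host belongs to the From: domain" test are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

LOCAL_ADMIN = "postmaster@mail.example.net"  # assumed local admin address

# Constructed sample: forged From:, delivered by a dial-up host.
SPOOFED = """\
Received: from p50801234.dip.t-dialin.net (p50801234.dip.t-dialin.net [192.0.2.10])
\tby mail.example.net; Thu, 11 Mar 2004 09:40:28 +0200
From: "Lucy" <lucy@clerks.example.org>
Subject: hello

body
"""

# Constructed sample: From: domain agrees with the delivering host.
CONSISTENT = SPOOFED.replace("p50801234.dip.t-dialin.net", "mx1.clerks.example.org")

def client_host(msg):
    """Reverse-DNS name our own server logged in the topmost Received: header."""
    m = re.match(r"from\s+\S+\s+\(([^\s\[\)]+)", msg.get("Received", ""))
    return m.group(1).lower() if m else None

def from_domain(msg):
    """Domain part of the From: address, or None if there is no usable address."""
    addr = parseaddr(msg.get("From", ""))[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else None

def report_recipients(raw, known_domains=()):
    """Return who gets the virus report; the From: address itself never does."""
    msg = message_from_string(raw)
    host, domain = client_host(msg), from_domain(msg)
    recipients = [LOCAL_ADMIN]
    # Assumed heuristic for "the headers check out": the delivering host
    # is the From: domain or a host under it.
    headers_ok = bool(host and domain and
                      (host == domain or host.endswith("." + domain)))
    # known_domains stands in for "a domain you receive mail from often".
    if headers_ok and domain in known_domains:
        recipients.append("postmaster@" + domain)
    return recipients

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("consistent", CONSISTENT)):
        print(name, report_recipients(raw, {"clerks.example.org"}))
```
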