Mailinglist Archive: opensuse-security (343 mails)

< Previous Next >
Re: [suse-security] unwanted virus infected email spam
  • From: Rainer Link <link@xxxxxxx>
  • Date: Wed, 18 Jul 2001 16:17:04 +0200 (CEST)
  • Message-id: <Pine.LNX.4.33.0107181558590.3971-100000@xxxxxxxxxxxx>
On Wed, 18 Jul 2001 michael.ryan@xxxxxxxx wrote:

> I did try adding a REJECT rule for hahaha@xxxxxxxxxxx to /etc/mail/access -
> this seemed to work for a week or two but the problem has since returned.
> Any ideas as to what I might try next as this kind of mindless activity
> really does my head in ...

I doubt this works. IIRC the Hybris worm uses an empty envelope address
(MAIL FROM: <>) and /etc/mail/access matches envelope addresses only (and
not the From: line in the message itself). But blocking mails with empty
MAIL FROM violates RFC 1123.

This is/was discussed again and again in comp.mail.sendmail, please
read through

You may write your own sendmail milter (sendmail shipped on SuSE 7.2 comes
with libmilter support) which checks if From: matches, after the
complete header of the mail has been transfered (the xxfi_eoh callback)
and then discards the message by simply returning SMFIS_REJECT or
SMFIS_DISCARD. (no I haven't tried that myself yet)

best regards,
Rainer Link

Rainer Link | SuSE - The Linux Experts
link@xxxxxxx | Developer of A Mail Virus Scanner ( | Founder OpenAntiVirus Project (

< Previous Next >