qmail Digest 30 Mar 1999 11:00:01 -0000 Issue 595
Topics (messages 23591 through 23657):
FW: GET ME OFF THIS DAMN LIST
23591 by: "Andrzej Kukula" <[EMAIL PROTECTED]>
23593 by: Russell Nelson <[EMAIL PROTECTED]>
23602 by: "Andrzej Kukula" <[EMAIL PROTECTED]>
23605 by: Russell Nelson <[EMAIL PROTECTED]>
23611 by: "Fred Lindberg" <[EMAIL PROTECTED]>
rblsmtpd just defers to my mx backup, so I get the spam :-(
23592 by: Peter Gradwell <[EMAIL PROTECTED]>
23594 by: Russell Nelson <[EMAIL PROTECTED]>
23598 by: [EMAIL PROTECTED]
23601 by: "Adam D. McKenna" <[EMAIL PROTECTED]>
running qmail-pop3d in RH's /etc/init.d/*
23595 by: Greg <[EMAIL PROTECTED]>
23596 by: Krzysztof Dabrowski <[EMAIL PROTECTED]>
23597 by: Greg <[EMAIL PROTECTED]>
23599 by: [EMAIL PROTECTED] (WOL - Odinn Sorensen)
23603 by: Fred Leeflang <[EMAIL PROTECTED]>
23607 by: [EMAIL PROTECTED]
23608 by: "Soffen, Matthew" <[EMAIL PROTECTED]>
23647 by: Tillman <[EMAIL PROTECTED]>
23655 by: Russ Allbery <[EMAIL PROTECTED]>
Virus-check for incoming mails with qmail
23600 by: Sascha Ottolski <[EMAIL PROTECTED]>
23604 by: "Alex Shipp" <[EMAIL PROTECTED]>
23606 by: Sascha Ottolski <[EMAIL PROTECTED]>
poor documentation example
23609 by: Bruce Guenter <[EMAIL PROTECTED]>
stay linefeeds
23610 by: Dax Kelson <[EMAIL PROTECTED]>
Restrict outbound mail (How to)
23612 by: [EMAIL PROTECTED]
23613 by: Gerry Boudreaux <[EMAIL PROTECTED]>
Melissa Virus
23614 by: Mark E Drummond <[EMAIL PROTECTED]>
23616 by: [EMAIL PROTECTED]
23617 by: "Chris Garrigues" <[EMAIL PROTECTED]>
23618 by: [EMAIL PROTECTED]
23619 by: Mark E Drummond <[EMAIL PROTECTED]>
23621 by: Rob Genovesi <[EMAIL PROTECTED]>
23624 by: "Alex at Star" <[EMAIL PROTECTED]>
23627 by: [EMAIL PROTECTED]
23628 by: Mark Delany <[EMAIL PROTECTED]>
23632 by: [EMAIL PROTECTED]
23633 by: "Jay D. Dyson" <[EMAIL PROTECTED]>
23635 by: "D. J. Bernstein" <[EMAIL PROTECTED]>
23636 by: Kai MacTane <[EMAIL PROTECTED]>
23639 by: "Sam" <[EMAIL PROTECTED]>
23640 by: "Brad (Senior Systems Administrator)" <[EMAIL PROTECTED]>
23641 by: [EMAIL PROTECTED]
23643 by: [EMAIL PROTECTED]
23644 by: [EMAIL PROTECTED]
23646 by: "Sam" <[EMAIL PROTECTED]>
23649 by: Dustin Marquess <[EMAIL PROTECTED]>
23656 by: Russ Allbery <[EMAIL PROTECTED]>
23657 by: Chris Green <[EMAIL PROTECTED]>
anyone got the melissa macro?
23615 by: [EMAIL PROTECTED]
23620 by: Vince Vielhaber <[EMAIL PROTECTED]>
23622 by: "Swanson, Scott" <[EMAIL PROTECTED]>
23626 by: "Alex at Star" <[EMAIL PROTECTED]>
23634 by: "t" <[EMAIL PROTECTED]>
23651 by: "Scott D. Yelich" <[EMAIL PROTECTED]>
Urgent question
23623 by: Rafael Correa <[EMAIL PROTECTED]>
23625 by: Gerry Boudreaux <[EMAIL PROTECTED]>
23629 by: Mark Delany <[EMAIL PROTECTED]>
Temporary_error_on_maildir_delivery
23630 by: Matej Skubic <[EMAIL PROTECTED]>
Important Mail From: (was Re: Melissa Virus)
23631 by: Richard Letts <[EMAIL PROTECTED]>
23638 by: "Sam" <[EMAIL PROTECTED]>
Melissa Mutations
23637 by: Kai MacTane <[EMAIL PROTECTED]>
APOP with qmail
23642 by: "Robert Wojciechowski Jr." <[EMAIL PROTECTED]>
qmail-popbull and multiple messages.
23645 by: Matt Simerson <[EMAIL PROTECTED]>
23648 by: Russell Nelson <[EMAIL PROTECTED]>
Qmail + Virus Email Scanning
23650 by: "Stephen Mills" <[EMAIL PROTECTED]>
How to ban a spam host.
23652 by: Georgi Kupenov <[EMAIL PROTECTED]>
23653 by: Anand Buddhdev <[EMAIL PROTECTED]>
Qmail + NFS
23654 by: Tommi Virtanen <[EMAIL PROTECTED]>
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To bug my human owner, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
> >> > it's not just 2 lines. It's 2 lines x # of subscribers x messages per
> >day.
> >> > Assuming a "line" is 40 characters, there are 1000 subscribers, and 50
> >> > messages per day, that's 4 megabytes per day extra.
>
> >I wasn't suggesting 4 megs/day was excessive.. But it's not negligible..
>
> Average message 2K, 40 characters is 2% of traffic for this list. It
> that isn't negligable, what is?
Also, go ahead and compare a useful footnote approx. 80 bytes long
(see below, taken from Adam's post) against 512 or more bytes of
useless signatures...
andrzej
---
qmail mailing list - to unsubscribe, email [EMAIL PROTECTED]
Andrzej Kukula writes:
> qmail mailing list - to unsubscribe, email [EMAIL PROTECTED]
Do you have any evidence that it actually succeeds in reducing
unsubscribes sent to the list?
--
-russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
On 29 Mar 99 at 12:46, Russell Nelson wrote:
> Andrzej Kukula writes:
> > qmail mailing list - to unsubscribe, email [EMAIL PROTECTED]
>
> Do you have any evidence that it actually succeeds in reducing
> unsubscribes sent to the list?
No, I don't waste time to proove obvious things.
This *do* work, what any may see using hotmail, mailexcite, yahoo, or
other free mail accounts.
ITOH why do you add the signature to your email messages? Because you
believe -- you have no proven evidence -- that someone reads it.
There *is* an evidence that people review magazines from the last page to
the first (I work in the newspaper), also there's an evidence that people
tend to focus on the beginning and on the end of articles (like the
subject and postscriptum/signature/footnote of an e-mail).
andrzej
P.S. Didn't you read this line?
Andrzej Kukula writes:
> On 29 Mar 99 at 12:46, Russell Nelson wrote:
>
> > Andrzej Kukula writes:
> > > qmail mailing list - to unsubscribe, email [EMAIL PROTECTED]
> >
> > Do you have any evidence that it actually succeeds in reducing
> > unsubscribes sent to the list?
>
> No, I don't waste time to proove obvious things.
Hehe. If it were so obvious it wouldn't be so controversial. In my
experience, it doesn't help a whit.
--
-russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
On 29 Mar 1999 16:00:32 -0000, Russell Nelson wrote:
>Hehe. If it were so obvious it wouldn't be so controversial. In my
>experience, it doesn't help a whit.
rfc2369 is the way to do it. Promoting it to MUA authors should help.
-Sincerely, Fred
(Frederik Lindberg, Infectious Diseases, WashU, St. Louis, MO, USA)
Hi,
got an interesting spam last night, the offending header is thus:
> Received: from polaris.uk.insnet.net (194.177.174.245)
> by ice.gradwell.com with SMTP; 28 Mar 1999 22:23:41 -0000
> Received: from unknown (1Cust103.tnt4.krk1.da.uu.net [208.254.1.103])
> by polaris.uk.insnet.net
now, polaris.uk.insnet.net is my secondary mail relay. the spammer
will have tried to deliver this mail to ice.gradwell.com, however, it
will have been blackholed because I'm running rblsmtpd using the DUL
MAPS list to filter my mail.
Now, I rejected the mail, so it was delivered to insnet. I assume
that I then accepted the mail from my insnet relay, and thus I got
the spam.
Given that rblsmtpd only ever defer's mail, and it doesn't actually
reject it (to give sys admins time to fix their broken systems) is it
likely that the spam is going to reach me via my relay every time?
If so, would it be possible to have rblsmtpd actually bounce the mail
for people on the dul list?
It seems you can't win really :-(
peter.
--
peter at gradwell dot com; online @ http://www.gradwell.com/
"To look back all the time is boring. Excitement lies in tomorrow"
Peter Gradwell writes:
> now, polaris.uk.insnet.net is my secondary mail relay. the spammer
> will have tried to deliver this mail to ice.gradwell.com, however, it
> will have been blackholed because I'm running rblsmtpd using the DUL
> MAPS list to filter my mail.
Now you're finding out why some people deprecate secondary MX records.
> If so, would it be possible to have rblsmtpd actually bounce the mail
> for people on the dul list?
You have the source. I don't recall a command-line option to enable
this.
--
-russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
On Mon, 29 Mar 1999, Peter Gradwell wrote:
[snip]
> Given that rblsmtpd only ever defer's mail, and it doesn't actually
> reject it (to give sys admins time to fix their broken systems) is it
> likely that the spam is going to reach me via my relay every time?
>
> If so, would it be possible to have rblsmtpd actually bounce the mail
> for people on the dul list?
At least in version 0.70, -b will do what you want, as documented in 'man
rblsmtpd'.
> It seems you can't win really :-(
>
> peter.
>
> --
> peter at gradwell dot com; online @ http://www.gradwell.com/
>
> "To look back all the time is boring. Excitement lies in tomorrow"
>
--
"Life is much too important to be taken seriously."
Thomas Erskine <[EMAIL PROTECTED]> (613) 998-2836
From: Peter Gradwell <[EMAIL PROTECTED]>
: If so, would it be possible to have rblsmtpd actually bounce the mail
: for people on the dul list?
:
: It seems you can't win really :-(
Using -b on the command line will tell rblsmtpd to use a permanent error
code (553) instead of a temporary one.
--Adam
the script qmail-pop3d.init exists in the same place
as qmail-smtpd.init and qmail.init, but it doesn't start on
boot-up? I'm beginning to dislike the way RH "hides" stuff ;(
please have I missed something?
--
Greg
ICQ# 17606315
Phone : +61 7 4125 1180
... and the box said "windows 95, or better", so I got Linux
_____________________________________________________________
At 22:56 99-03-29 -1000, Greg wrote:
>
>the script qmail-pop3d.init exists in the same place
>as qmail-smtpd.init and qmail.init, but it doesn't start on
>boot-up? I'm beginning to dislike the way RH "hides" stuff ;(
>please have I missed something?
Redhat doesn't hide anything.
first cat your /etc/inittab and find a line with initdefault. something like:
id:3:initdefault
now you see that in my case, my default runlevel is 3.
now just make a link from /etc/rc.d/rc3.d/ to your init script
and give it a name beginig with Sxxsomething , where xx is a valuer from 00
to 99 (take 99 for example).
And that's all.
Kris
yup, it is there /etc/init.d/.... and it is executable, that's
what's got me stuffed?
i'll check out linuxconf, and it that fails, rc.local's the go...
that's how I do things on my "slack" boxes, even a nong! like me,
can follow that.
thanks
t wrote:
>
> Use linuxconf to isntall the service or add it to a rc file ... there is a
> directory you can copy the scripts to /etc/rc.d/init.d/ if the script it
> there (which i assume it is... as it looks like in your subject you just
> made a boo boo.) then make sure it is marked for execution. Another way is
> to simply call the script from your rc.local and execute it that way. Either
> way make sure it is executable.
>
> Todd
>
> -----Original Message-----
> From: Greg [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, March 30, 1999 3:57 AM
> To: QMail
> Subject: running qmail-pop3d in RH's /etc/init.d/*
>
> the script qmail-pop3d.init exists in the same place
> as qmail-smtpd.init and qmail.init, but it doesn't start on
> boot-up? I'm beginning to dislike the way RH "hides" stuff ;(
> please have I missed something?
>
> --
> Greg
> ICQ# 17606315
> Phone : +61 7 4125 1180
>
> ... and the box said "windows 95, or better", so I got Linux
> _____________________________________________________________
--
Greg
ICQ# 17606315
Phone : +61 7 4125 1180
... and the box said "windows 95, or better", so I got Linux
_____________________________________________________________
Hej QMail.
Mon 29 Mar 1999 23:27, Greg <[EMAIL PROTECTED]> wrote:
> yup, it is there /etc/init.d/.... and it is executable, that's
> what's got me stuffed?
> i'll check out linuxconf, and it that fails, rc.local's the go...
run: chkconfig qmail-pop3d.init on
--
Med venlig hilsen / Best Regards
Odinn S�rensen (Mailserver division) / World Online Denmark A/S
Peter Bangs Vej 26, 2000 Frederiksberg, Denmark
Tlf. (+45) 38 14 70 00 - Fax (+45) 38 14 70 07
the proper way to do this in RH is through the program 'chkconfig'.
it would appear though that chkconfig does not like scripts with an extension
such as .init. took me a while to figure that one out. (this is on RH5.2)
-Fred
Krzysztof Dabrowski wrote:
> At 22:56 99-03-29 -1000, Greg wrote:
> >
> >the script qmail-pop3d.init exists in the same place
> >as qmail-smtpd.init and qmail.init, but it doesn't start on
> >boot-up? I'm beginning to dislike the way RH "hides" stuff ;(
> >please have I missed something?
>
> Redhat doesn't hide anything.
>
> first cat your /etc/inittab and find a line with initdefault. something like:
>
> id:3:initdefault
>
> now you see that in my case, my default runlevel is 3.
> now just make a link from /etc/rc.d/rc3.d/ to your init script
> and give it a name beginig with Sxxsomething , where xx is a valuer from 00
> to 99 (take 99 for example).
> And that's all.
>
> Kris
--
First they ignore you.
Then they laugh at you.
Then they fight you.
Then you win.
On Mon, Mar 29, 1999 at 11:27:19PM -1000, Greg wrote:
> yup, it is there /etc/init.d/.... and it is executable, that's
> what's got me stuffed?
> i'll check out linuxconf, and it that fails, rc.local's the go...
> that's how I do things on my "slack" boxes, even a nong! like me,
> can follow that.
>
Hey,
Did you figure it out?
You have to simbolically link the files in /etc/rc.d/init.d to
one of the startup directories. For example, here is how I
have my qmail startup script done:
[kbo@webmail /]$ ls -l /etc/rc.d/*/*qmail
-rwxr-xr-x 1 root root 886 Mar 22 12:12 /etc/rc.d/init.d/qmail
lrwxrwxrwx 1 root root 22 Mar 13 12:11 /etc/rc.d/rc0.d/K30qmail
-> /etc/rc.d/init.d/qmail
lrwxrwxrwx 1 root root 22 Mar 13 12:11 /etc/rc.d/rc1.d/K30qmail
-> /etc/rc.d/init.d/qmail
lrwxrwxrwx 1 root root 22 Mar 13 12:11 /etc/rc.d/rc2.d/K30qmail
-> /etc/rc.d/init.d/qmail
lrwxrwxrwx 1 root root 22 Mar 13 12:11 /etc/rc.d/rc3.d/S80qmail
-> /etc/rc.d/init.d/qmail
lrwxrwxrwx 1 root root 22 Mar 13 12:11 /etc/rc.d/rc4.d/K30qmail
-> /etc/rc.d/init.d/qmail
lrwxrwxrwx 1 root root 22 Mar 13 12:11 /etc/rc.d/rc5.d/K30qmail
-> /etc/rc.d/init.d/qmail
lrwxrwxrwx 1 root root 22 Mar 13 12:11 /etc/rc.d/rc6.d/K30qmail
-> /etc/rc.d/init.d/qmail
Ken Jones
Inter7
OR.... What you do is add a single line to the /etc/rc.d/rc.local file.
> -----Original Message-----
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, March 29, 1999 11:36 AM
> To: Greg
> Cc: [EMAIL PROTECTED]
> Subject: Re: running qmail-pop3d in RH's /etc/init.d/*
>
> On Mon, Mar 29, 1999 at 11:27:19PM -1000, Greg wrote:
> > yup, it is there /etc/init.d/.... and it is executable, that's
> > what's got me stuffed?
> > i'll check out linuxconf, and it that fails, rc.local's the go...
> > that's how I do things on my "slack" boxes, even a nong! like me,
> > can follow that.
> >
>
> Hey,
>
> Did you figure it out?
>
> You have to simbolically link the files in /etc/rc.d/init.d to
> one of the startup directories. For example, here is how I
> have my qmail startup script done:
>
> [kbo@webmail /]$ ls -l /etc/rc.d/*/*qmail
> -rwxr-xr-x 1 root root 886 Mar 22 12:12
> /etc/rc.d/init.d/qmail
> lrwxrwxrwx 1 root root 22 Mar 13 12:11
> /etc/rc.d/rc0.d/K30qmail
> -> /etc/rc.d/init.d/qmail
> lrwxrwxrwx 1 root root 22 Mar 13 12:11
> /etc/rc.d/rc1.d/K30qmail
> -> /etc/rc.d/init.d/qmail
> lrwxrwxrwx 1 root root 22 Mar 13 12:11
> /etc/rc.d/rc2.d/K30qmail
> -> /etc/rc.d/init.d/qmail
> lrwxrwxrwx 1 root root 22 Mar 13 12:11
> /etc/rc.d/rc3.d/S80qmail
> -> /etc/rc.d/init.d/qmail
> lrwxrwxrwx 1 root root 22 Mar 13 12:11
> /etc/rc.d/rc4.d/K30qmail
> -> /etc/rc.d/init.d/qmail
> lrwxrwxrwx 1 root root 22 Mar 13 12:11
> /etc/rc.d/rc5.d/K30qmail
> -> /etc/rc.d/init.d/qmail
> lrwxrwxrwx 1 root root 22 Mar 13 12:11
> /etc/rc.d/rc6.d/K30qmail
> -> /etc/rc.d/init.d/qmail
>
> Ken Jones
> Inter7
Or, as it's RedHat, use the chkconfig utility after creating your rc script
in the /etc/rc.d/init.d directory. It handles the creation of the
symlinks, by run level. Saves you a few steps, and if consistently used
produces consistent results (unlike my lets-toss-something-together usual
level of consistency :-)
-Tillman Hodgson
"Soffen, Matthew" wrote:
> OR.... What you do is add a single line to the /etc/rc.d/rc.local file.
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> > Sent: Monday, March 29, 1999 11:36 AM
> > To: Greg
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: running qmail-pop3d in RH's /etc/init.d/*
> >
> > On Mon, Mar 29, 1999 at 11:27:19PM -1000, Greg wrote:
> > > yup, it is there /etc/init.d/.... and it is executable, that's
> > > what's got me stuffed?
> > > i'll check out linuxconf, and it that fails, rc.local's the go...
> > > that's how I do things on my "slack" boxes, even a nong! like me,
> > > can follow that.
> > >
> >
> > Hey,
> >
> > Did you figure it out?
> >
> > You have to simbolically link the files in /etc/rc.d/init.d to
> > one of the startup directories. For example, here is how I
> > have my qmail startup script done:
> >
> > [kbo@webmail /]$ ls -l /etc/rc.d/*/*qmail
> > -rwxr-xr-x 1 root root 886 Mar 22 12:12
> > /etc/rc.d/init.d/qmail
> > lrwxrwxrwx 1 root root 22 Mar 13 12:11
> > /etc/rc.d/rc0.d/K30qmail
> > -> /etc/rc.d/init.d/qmail
> > lrwxrwxrwx 1 root root 22 Mar 13 12:11
> > /etc/rc.d/rc1.d/K30qmail
> > -> /etc/rc.d/init.d/qmail
> > lrwxrwxrwx 1 root root 22 Mar 13 12:11
> > /etc/rc.d/rc2.d/K30qmail
> > -> /etc/rc.d/init.d/qmail
> > lrwxrwxrwx 1 root root 22 Mar 13 12:11
> > /etc/rc.d/rc3.d/S80qmail
> > -> /etc/rc.d/init.d/qmail
> > lrwxrwxrwx 1 root root 22 Mar 13 12:11
> > /etc/rc.d/rc4.d/K30qmail
> > -> /etc/rc.d/init.d/qmail
> > lrwxrwxrwx 1 root root 22 Mar 13 12:11
> > /etc/rc.d/rc5.d/K30qmail
> > -> /etc/rc.d/init.d/qmail
> > lrwxrwxrwx 1 root root 22 Mar 13 12:11
> > /etc/rc.d/rc6.d/K30qmail
> > -> /etc/rc.d/init.d/qmail
> >
> > Ken Jones
> > Inter7
Tillman <[EMAIL PROTECTED]> writes:
> Or, as it's RedHat, use the chkconfig utility after creating your rc
> script in the /etc/rc.d/init.d directory. It handles the creation of
> the symlinks, by run level. Saves you a few steps, and if consistently
> used produces consistent results (unlike my lets-toss-something-together
> usual level of consistency :-)
I haven't seen anyone yet mention that if you use chkconfig, you have to
have a comment in the init script that tells it what runlevels to create
links for.
Here's an example from my qmail init script:
# chkconfig: 345 60 20
# description: qmail is the mail subsystem, handling both accepting new \
# mail and sending outgoing mail.
--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>
On Mon, 29 Mar 1999 10:22:21 BST "Alex Shipp" wrote:
>
> >Does anyone have experience with MTA virus checking? All I heard of was
> >slowing down mail for a company up to two days. That may be simply an
> >inappropriate machine but it triggers all kinds of alarm in my head.
>
>
> We pass all our mail through 3 scanners. For an average sized mail,
> this takes about 5 seconds elapsed time.
This sounds interesting, would you mind to explain how your setup works?
Sascha
>This sounds interesting, would you mind to explain how your setup works?
We have a front-end to qmail-inject which splits off all mail attachments,
and passes them through three virus scanners. If a virus is detected, the
original mail is canned, and warning mails are generated to the sender and
recipients. We usually catch about 70 per day, but obviously this has gone
off the scale today with Melissa....
______________________________________________________________________
This message has been checked for viruses by the Star Screening System
http://www.star.co.uk
On Mon, 29 Mar 1999 16:47:15 BST "Alex Shipp" wrote:
> >This sounds interesting, would you mind to explain how your setup works?
>
> We have a front-end to qmail-inject which splits off all mail attachments,
> and passes them through three virus scanners. If a virus is detected, the
> original mail is canned, and warning mails are generated to the sender and
> recipients. We usually catch about 70 per day, but obviously this has gone
> off the scale today with Melissa....
Okay, but you do mind to show us your frontend, right ? :-)
Greetings, Sascha
On Sat, Mar 27, 1999 at 10:25:02PM -0800, Russ Allbery wrote:
> Dan, would you consider providing some way for the installation location
> to be different than the final run location?
The method I have used (successfully) is to set up conf-home for the run
location, do a make, and then set conf-home for the install location and
run "make install". It will only rebuild those files needed for the
install binary without touching the others.
--
Bruce Guenter, QCC Communications Corp. EMail: [EMAIL PROTECTED]
Phone: (306)249-0220 WWW: http://www.qcc.sk.ca/~bguenter/
Does anyone have a URL to that qmail-smtpd patch?
Dax Kelson
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-MD5: NSKRjN+D4QhC+S2LIr1kfw==
Hello list
I have to restrict outbound mail (outside my domain) to only authorized users,
I cannot do it based on IP addresses because station's IP addresses are
dynamically attributed (DHCP), I would need a mechanism similar to POP3 where the user
has to input a password to access his mailbox but for outbound mail:
e.g: When the user clicks on send, he would have to input his pop3 password for his
mail to be sent.
Does anybody know of a way of achieving this ??
Thanks
Christian Tremblay
I am using open-smtp that Russell Nelson wrote.
Works great!
Available at www.qmail.org
Hope this helps
Gerry Boudreaux
At 01:17 PM 3/29/99 -0500, you wrote:
>Mime-Version: 1.0
>
>Content-Type: text/plain; charset=us-ascii
>
>Content-Transfer-Encoding: 7bit
>
>Content-MD5: NSKRjN+D4QhC+S2LIr1kfw==
>
>
>
>
>Hello list
>
>
>
>
>
>
>
>I have to restrict outbound mail (outside my domain) to only authorized users,
>
>I cannot do it based on IP addresses because station's IP addresses are
>
>dynamically attributed (DHCP), I would need a mechanism similar to POP3
>where the user
>
>has to input a password to access his mailbox but for outbound mail:
>
>e.g: When the user clicks on send, he would have to input his pop3 password
>for his
>
>mail to be sent.
>
>
>
>Does anybody know of a way of achieving this ??
>
>
>
>Thanks
>
>
>
>Christian Tremblay
>
>
>
>
>
Here we have a serious problem folks. Sendmail had a "fix" out for
Melissa very shortly after it came out, and we are sitting pretty. I
made a big push here to move our org to qmail because qmail seemed to be
way superior. Now I am really ticked by my inability to write/use simple
rulesets to solve this problem.
If anyone knows how to insert a filter of some sort into the qmail
stream I'd love to hear about it, else I can see qmail getting the boot,
and I _really_ don't want to have to go back to sendmail!
--
_________________________________________________________________
Mark E Drummond Royal Military College of Canada
[EMAIL PROTECTED] Computing Services
Linux Uber Alles perl || die
On Mon, Mar 29, 1999 at 03:01:37PM -0500, Mark E Drummond wrote:
> Here we have a serious problem folks. Sendmail had a "fix" out for
> Melissa very shortly after it came out, and we are sitting pretty. I
> made a big push here to move our org to qmail because qmail seemed to be
> way superior. Now I am really ticked by my inability to write/use simple
> rulesets to solve this problem.
The sendmail "fix" is silly. It's 4 lines (or something), and all it does
is search for a string in the subject line. That "fix" is more
likely to bounce good mail than it is to catch the virus. At any
rate, I just sent off a plea to the list for a copy of this virus to
work from. If and when I come up with something acceptable, it will
be released to the qmail community, probably under the GPL, but definitely
for free. I'm undecided on whether to patch the source, or just make a
standalone program to be called from a .qmail file.
--
Erik Nielsen, Cyberhighway Internet Services NOC
USER, n.: The word computer professionals use when they mean "idiot."
-- Dave Barry, "Claw Your Way to the Top"
-----BEGIN PGP MESSAGE-----
Version: 2.6.2
iQB1AwUBNv/hnZaQnaaFII2dAQF93gMAsS9Inkzt0+IiVMcetJjudi0F0Gq9znZY
SivVfogJrkYQLPtSZB9z+qS2eJ+VstiwUJYfqVvIO5oFCd1tCfHQGSOs98dH5MiA
fheFLp5Ckiu/TLM4rvXT7k8DT7PVqpuu
=S22P
-----END PGP MESSAGE-----
>> On Mon, 29 Mar 1999 15:01:37 -0500,
>> Mark E Drummond <[EMAIL PROTECTED]> said:
M> Here we have a serious problem folks. Sendmail had a "fix" out for
M> Melissa very shortly after it came out, and we are sitting pretty. I
M> made a big push here to move our org to qmail because qmail seemed to be
M> way superior. Now I am really ticked by my inability to write/use simple
M> rulesets to solve this problem.
M> If anyone knows how to insert a filter of some sort into the qmail
M> stream I'd love to hear about it, else I can see qmail getting the boot,
M> and I _really_ don't want to have to go back to sendmail!
FWIW, I use procmail to handle local mail delivery and filtering.
Here's my ~/.qmail file:
| preline /usr/local/bin/procmail
Some procmail rules for sanitizing mail in general (including a specific
mail recipe for Melissa) can be found here:
http://www.wolfenet.com/~jhardin/html-trap.procmail
--
Karl Vogel
ASC/YCOA, Wright-Patterson AFB, OH 45433, USA
[EMAIL PROTECTED] or [EMAIL PROTECTED]
Mark E Drummond wrote:
>
> Here we have a serious problem folks. Sendmail had a "fix" out for
For what it is worth, I am not even going to bother with this now. Not
much point really since an inline script would just increase load and
since the "fix" for sendmail is dependant on the Subject line of the
email. Not much of a fix really ...
--
_________________________________________________________________
Mark E Drummond Royal Military College of Canada
[EMAIL PROTECTED] Computing Services
Linux Uber Alles perl || die
This fix seems like a perfectly good idea to me. If the subject line is
autmatically created by the Virus macro and then sending it out 50 times,
rejecting these 50 messages would stop the propagation of the Virus. Don't
discount the effectiveness of this "fix" because of its simplicity.
Btw ... what is the easiest way to do the same thing to Qmail?
>The sendmail "fix" is silly. It's 4 lines (or something), and all it does
>is search for a string in the subject line. That "fix" is more
>likely to bounce good mail than it is to catch the virus.
Rob Genovesi
[EMAIL PROTECTED]
>This fix seems like a perfectly good idea to me. If the subject line is
>autmatically created by the Virus macro and then sending it out 50 times,
>rejecting these 50 messages would stop the propagation of the Virus. Don't
>discount the effectiveness of this "fix" because of its simplicity.
Not true. We are now seeing secondary infections where people are sending
out
other word documents not realising that they are infected by melissa.
Checking the
subject line only traps the emails generated by the outlook engine.
______________________________________________________________________
This message has been checked for viruses by the Star Screening System
http://www.star.co.uk
On Mon, Mar 29, 1999 at 12:55:58PM -0800, Rob Genovesi wrote:
> This fix seems like a perfectly good idea to me. If the subject line is
> autmatically created by the Virus macro and then sending it out 50 times,
> rejecting these 50 messages would stop the propagation of the Virus. Don't
> discount the effectiveness of this "fix" because of its simplicity.
The problem is that it's far from foolproof...there are already versions
of the virus that send out with blank subject lines, and I'm sure
there are other subject lines out there too. So, the subject line
checking is next to useless...any self-respecting cracker would change the
thing around after they saw sendmail's "fix". Even a script kiddie could
probably figure out how to change it.
--
Erik Nielsen, Cyberhighway Internet Services NOC
So I'm thinking about ??, or !!, or //, or \\, or whatever. But I
think I like ?? the best so far. Or the least worst.
-- Larry Wall in <[EMAIL PROTECTED]>
At 03:48 PM Monday 3/29/99, Mark E Drummond wrote:
>Mark E Drummond wrote:
>>
>> Here we have a serious problem folks. Sendmail had a "fix" out for
>
>For what it is worth, I am not even going to bother with this now. Not
>much point really since an inline script would just increase load and
>since the "fix" for sendmail is dependant on the Subject line of the
>email. Not much of a fix really ...
FWIW, the subject line is hard coded into the virus. That said of course,
the virus code is easily extractable and thus can be simply altered to
bypass such filters.
The point about any "fix" of this nature is that people like to do something
quickly and worry about a "pure" solution later on. Rumour has it that
Microsoft's quick fix was to shut down their Internet mail servers...
Regards.
>FWIW, the subject line is hard coded into the virus. That said of course,
>the virus code is easily extractable and thus can be simply altered to
>bypass such filters.
Yup, looks easy enough to change. I don't recognize the language
(something akin to Basic, perhaps), but could probably reverse-engineer
enough of it from that code snippet to play with it myself, if I wanted
to waste time doing that sort of thing. (IMO it's rather pointless,
since users of Microsoft Word already *have* viruses on their system --
W95, W98, Word, Office, etc. :)
>The point about any "fix" of this nature is that people like to do something
>quickly and worry about a "pure" solution later on. Rumour has it that
>Microsoft's quick fix was to shut down their Internet mail servers...
Not just rumor. CNBC reported that earlier today (around lunchtime).
Saw it myself.
I just looked at this "virus". It's some kind of code. Like I assumed,
when I first saw the TV reports on it.
So, indeed, the problem is just that some people stupidly use MUA's
that, when you "open" an email (aka "read it"), they decide to execute
whatever code they can determine is included (via attachment, whatever),
without restricting the environment for such code.
There's no real prevention for this sort of problem, other than no longer
using MUA's that behave like that.
Or am I missing someting?
tq vm, (burley)
-----BEGIN PGP SIGNED MESSAGE-----
On 29 Mar 1999 [EMAIL PROTECTED] wrote:
> Yup, looks easy enough to change. I don't recognize the language
> (something akin to Basic, perhaps)
It's Visual Basic.
> >The point about any "fix" of this nature is that people like to do something
> >quickly and worry about a "pure" solution later on. Rumour has it that
> >Microsoft's quick fix was to shut down their Internet mail servers...
>
> Not just rumor. CNBC reported that earlier today (around lunchtime).
> Saw it myself.
Oh, the humanity! The last and only time I saw such a "solution"
being necessary was during the Internet Worm incident of the late '80s.
> There's no real prevention for this sort of problem, other than no
> longer using MUA's that behave like that.
Unfortunately, all too many users (not to mention middle and upper
management types) will gleefully sacrifice security in the name of
convenience. As a consequence, they get neither.
- -Jay
( ______
)) .-- "There's always time for a good cup of coffee." --. >===<--.
C|~~| (>-- Jay D. Dyson -- [EMAIL PROTECTED] --<) | = |-'
`--' `-- As a matter of fact, I *am* a rocket scientist. --' `-----'
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBNv/0Ic2OVDpaKXD9AQHcJQP7B9P45JcLi/UI258ttKmos2TDQegmwfYP
LMP09Zq2m2nKMJKzgJwnUGMLg25jB7jqozar1VJAt4SOEOi/yEhXk5VvDDkH9729
2wh1TnwM4eQidWxpJQ+QGaSrpAveQBdKlZ4mZbnAFH4fvNxhT9d7zjYHDPCnGtIj
DYDLxTOG2sA=
=+LMM
-----END PGP SIGNATURE-----
[EMAIL PROTECTED] writes:
> The sendmail "fix" is silly. It's 4 lines (or something), and all it does
> is search for a string in the subject line. That "fix" is more
> likely to bounce good mail than it is to catch the virus.
Indeed. Legitimate messages do occasionally contain the same ``Important
Message From'' subject line that the Melissa worm produces. If, however,
someone does want this ``fix'' for qmail, here's a sample one-liner to
put before ./Mailbox in /var/qmail/rc or in the POP-toaster .qmail file:
| bouncesaying VIRUS awk '/^Subject: I am a virus/{exit 0}/^$/{exit 1}END{exit 1}'
To test, put this line into ~you/.qmail-melissa and send some messages
to you-melissa. If you have Microsoft users with their own .qmail files,
they can decide for themselves whether to add this to .qmail.
---Dan
Text written by [EMAIL PROTECTED] at 09:30 PM 3/29/99 -0000:
>
>Yup, looks easy enough to change. I don't recognize the language
>(something akin to Basic, perhaps)
It's Visual Basic for Applications, aka VBA. It's a Visual Basic variant
that Microsoft uses as their macro language for all Office apps.
>since users of Microsoft Word already *have* viruses on their system --
>W95, W98, Word, Office, etc. :)
I see the smiley, but just have to point out: they're not viruses, because
they don't replicate themselves. Maybe they'd qualify as trojan horses?
>So, indeed, the problem is just that some people stupidly use MUA's
>that, when you "open" an email (aka "read it"), they decide to execute
>whatever code they can determine is included (via attachment, whatever),
>without restricting the environment for such code.
>
>Or am I missing someting?
Sort of. The problem isn't really the MUAs so much as the user behaviors:
the user has to explicitly activate the virus-attachment. I don't know of
any Windows MUAs that *automatically* run any attachment they receive --
even Windows users would consider that a security risk. In general in the
Windows world, when you open an attachment, the MUA tells the OS to load
the appropriate app for viewing files of that type (where "type" is
determined solely by filename extension, of course, rather than something
sane like header info). It's not considered to be the MUA's job to sanitize
the execution environment for another application, and it may even be
impossible on Windows' architecture.
So the problem is twofold: the OS this virus affects sucks rocks, and we
have users activating attachments whose contents they're not sure of. To
give the users some credit though, the attachments are coming from *known*
sources: Melissa sends herself to addresses found in Outlook's address
book, which are presumably people the infected address normally corresponds
with.
Of course, if the recipient users were smart, they might think "what
important information I asked you for?"
-----------------------------------------------------------------
Kai MacTane
System Administrator
Online Partners.com, Inc.
-----------------------------------------------------------------
>From the Jargon File: (v4.0.0, 25 Jul 1996)
scram switch /n./
[from the nuclear power industry] An emergency-power-off switch (see
Big Red Switch), esp. one positioned to be easily hit by evacuating
personnel. In general, this is *not* something you frob lightly;
these often initiate expensive events (such as Halon dumps) and are
installed in a dinosaur pen for use in case of electrical fire or
in case some luckless field servoid should put 120 volts across
himself while Easter egging.
[EMAIL PROTECTED] writes:
> Yup, looks easy enough to change. I don't recognize the language
> (something akin to Basic, perhaps), but could probably reverse-engineer
> enough of it from that code snippet to play with it myself, if I wanted
> to waste time doing that sort of thing. (IMO it's rather pointless,
> since users of Microsoft Word already *have* viruses on their system --
> W95, W98, Word, Office, etc. :)
After reading about it in the press, all day, and on the web, I've come to
the conclusion that there's no doubt whatsoever that the goal of the
virus's author was to demonstrate the flawed technical foundation of the
Windows OS. If the author really had malicious intensions in mind, the
damage would've been far, far, greater.
The only reason something like this hasn't happened sooner is because MS
charges prohibitive fees for technical information that's needed in order
to write applications of this type, and only people who paid hefty sums of
money for subscriptions to MSDN, and various other MS developer programs,
would know enough to cook this up.
--
Sam
Anyone see any problem with writing something for qmail that
scans messages for code fragments, and dumps them to
/dev/null??
I agree with Mark.. There are a lot of people who see this
as a political thing that _needs_ to be dealt with. Just
inserting something, anything, to make the people with the
money hand down some respect for our "rapid response" to
this "crisis" would be nice. It bothers me that I have seen
nothing (aside from a per-user solution) to globally
generate a "solution".
I personally don't care if this solution is a "perfect" one,
but I would like to assist in the development of something
on the server end of the aspect, which will help the
"situation".. If you know what I mean.
I know it is not a flaw with qmail, and I typically go with:
if its not broke, don't fix it. But I am the curious one,
and would like to know how to do this anyway.
Thanks,
Brad
On Mon, Mar 29, 1999 at 05:25:16PM -0700, Brad (Senior Systems Administrator) wrote:
>
> Anyone see any problem with writing something for qmail that
> scans messages for code fragments, and dumps them to
> /dev/null??
Well, I've been looking into this throughout the day,
and the answer is non-trivial, because you have to separate out
the attachment and decode it (it'll be in base64) first.
Given that I haven't written any C at all in ages, and perl would
not be scalable enough, it's an uphill battle.
Also, if you're talking about any code fragments, I don't think that
should happen. There are a few strings that are always going to be in
macro viruses in order for them to be effective, and the plan is
to search for those.
--
Erik Nielsen, Cyberhighway Internet Services NOC
I'm reminded of the day my daughter came in, looked over my shoulder at
some Perl 4 code, and said, "What is that, swearing?"
-- Larry Wall in <[EMAIL PROTECTED]>
>>since users of Microsoft Word already *have* viruses on their system --
>>W95, W98, Word, Office, etc. :)
>
>I see the smiley, but just have to point out: they're not viruses, because
>they don't replicate themselves. Maybe they'd qualify as trojan horses?
(Pretty much all viruses turn their hosts into trojan horses, right?)
I was referring to the fact that these products manage to insinuate
themselves into standard channels -- like email (SMTP), the web (HTTP),
and so on -- in the "embrace and extend" fashion that results in my
getting ugly-looking "MIME-encoded" emails, mostly from AOL users,
and not being able to access many web sites due to their "viewable
only by MSIE and Netscape" status.
It's a stretch, of course, but the viral nature of that behavior is
that people without the backbone/stubbornness/laziness of someone
like me tend to think "well, I've got to get the same software -- I guess
that makes sense" and help create more copies of the software.
(And, oh, the annoyances of trying to explain to people, who don't
realize they've become such conformists, that "why don't you just switch
to MS products [so I don't have to learn to properly configure *mine*
to play nice with the entire Internet]?" is *not* going to get a
positive response from me!)
Ah, perhaps I can somehow join in and help out convincing thoughtful
people of the joys of properly, and *ethically*, engineered products,
like qmail, which are designed to do one thing very well, instead of
several things adequately so as to capture an audience.
tq vm, (burley)
>[EMAIL PROTECTED] writes:
>
>> Yup, looks easy enough to change. I don't recognize the language
>> (something akin to Basic, perhaps), but could probably reverse-engineer
>> enough of it from that code snippet to play with it myself, if I wanted
>> to waste time doing that sort of thing. (IMO it's rather pointless,
>> since users of Microsoft Word already *have* viruses on their system --
>> W95, W98, Word, Office, etc. :)
>
>After reading about it in the press, all day, and on the web, I've come to
>the conclusion that there's no doubt whatsoever that the goal of the
>virus's author was to demonstrate the flawed technical foundation of the
>Windows OS. If the author really had malicious intensions in mind, the
>damage would've been far, far, greater.
Indeed, and thanks to others as well for correcting me. Not long after
I sent my email, I saw a remarkably decent little report (for a TV
news show) on WJAR Channel 10 (Providence), where their "webmaster"
explained that it wasn't just reading/opening the mail *itself* that
caused the problem, but doing that and *then* opening the enclosed
MS Word document, and that only if something she referred to as "Macros"
hadn't been disabled.
In that sense, it isn't too different from a Linux user like myself
reading email via Emacs, seeing a uuencoded, gzip'ed executable,
unpacking it, and then running it, without regard for whether that's
safe. (Except, since it isn't just a few clicks away in that
environment, I'd have to read the docs to know how to set that up,
and thus know enough to not take such chances.)
>The only reason something like this hasn't happened sooner is because MS
>charges prohibitive fees for technical information that's needed in order
>to write applications of this type, and only people who paid hefty sums of
>money for subscriptions to MSDN, and various other MS developer programs,
>would know enough to cook this up.
The media reports I've seen don't tend to focus on the underlying
problems of canned user applications defaulting to settings that make
it easy for users to invite viruses and trojan horses to walk right
in to their systems and do as they please.
Instead, they focus on the fairly simple-minded sorts of filtering
that has been discussed, and appropriately handwaved as an
inappropriate kludge, on this list.
Why do I get the impression all this MS software is set up that way
so that people can get emails containing things like dancing babies
without MS actually having to define a real protocol for animation
(for example)?
tq vm, (burley)
[EMAIL PROTECTED] writes:
> Well, I've been looking into this throughout the day,
> and the answer is non-trivial, because you have to separate out
> the attachment and decode it (it'll be in base64) first.
> Given that I haven't written any C at all in ages, and perl would
> not be scalable enough, it's an uphill battle.
My maildrop mail filter includes a standalone utility called 'reformime'
which, amongst other things, can grab an arbitrary MIME attachment, and
decode it.
reformime is experimental, it may have a few glitches here and there, but,
overall, it works. You will need to call it a couple of times -- first to
get the 'MIME layout' of the E-mail message, basically a schematic of which
attachments are attached where. Finally, use it again to decode the
attachments. This will require you to write a suitable shell or perl
wrapper, but the basic tools are there.
See http://www.flounder.net/~mrsam/maildrop/
--
Sam
On 30 Mar 1999 [EMAIL PROTECTED] wrote:
[SNIP]
> In that sense, it isn't too different from a Linux user like myself
> reading email via Emacs, seeing a uuencoded, gzip'ed executable,
> unpacking it, and then running it, without regard for whether that's
> safe. (Except, since it isn't just a few clicks away in that
> environment, I'd have to read the docs to know how to set that up,
> and thus know enough to not take such chances.)
[SNIP]
That's why after you ungzip a binary in Linux that you got
from email, you do a: strings file | more on it. Usually if to
contains questionable strings (like '/etc/shadow'), then you know to
look out :)
-Dustin
Kai MacTane <[EMAIL PROTECTED]> writes:
> Sort of. The problem isn't really the MUAs so much as the user
> behaviors: the user has to explicitly activate the virus-attachment. I
> don't know of any Windows MUAs that *automatically* run any attachment
> they receive -- even Windows users would consider that a security
> risk. In general in the Windows world, when you open an attachment, the
> MUA tells the OS to load the appropriate app for viewing files of that
> type (where "type" is determined solely by filename extension, of
> course, rather than something sane like header info).
I'd like to back this up, and point out here that too much Microsoft
bashing on this one is misplaced. This particular attack is not
Microsoft-specific in any way other than having happened to be written
against a widely used Microsoft applciation; the property that it needs to
be effective is a document viewer with an embedded macro language in which
macros are executed by default.
You could run precisely this same attack against a Unix user with, for
example, a DVI document. The DVI formatting language allows for shell
escapes, and xdvi knows how to execute them. This capability is, of
course, not the default; you have to run xdvi with a special command-line
option to tell it that it's safe to do this.
Now, I'm not a Word user, so I don't know for sure, but I've at least
heard that automatic execution of macros in Word documents is *off* by
default. Extrapolating from that, however, I would imagine that Word
probably pops up a warning dialog box, and users get tired of saying "yes,
it's okay."
In other words, to be blunt, this isn't a Windows problem. This is a user
stupidity problem. The *only* effective long-term solution to these sorts
of problems is to bludgeon people about the head with the idea that they
should NEVER, EVER, *EVER* run *ANYTHING* that they get via e-mail, *even
if it's from someone that they know*, without explicit confirmation of
what it is and what it does, and that all of their programs need to be
configured the same way. And that as annoying as warning boxes might be,
they're there for a *reason*, and if they can't stand them, the answer is
to disable all macros always, not turn them on.
--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>
On Tue, Mar 30, 1999 at 01:04:26AM -0800, Russ Allbery wrote:
> In other words, to be blunt, this isn't a Windows problem. This is a user
> stupidity problem. The *only* effective long-term solution to these sorts
> of problems is to bludgeon people about the head with the idea that they
> should NEVER, EVER, *EVER* run *ANYTHING* that they get via e-mail, *even
> if it's from someone that they know*, without explicit confirmation of
> what it is and what it does, and that all of their programs need to be
> configured the same way. And that as annoying as warning boxes might be,
> they're there for a *reason*, and if they can't stand them, the answer is
> to disable all macros always, not turn them on.
>
While I agree with most of what Russ says I do have one caveat. A
warning box or message that appears too frequently is simply a
nuisance and one gets to click the OK button (or say 'y') without
thinking.
For example systems that alias 'rm' to 'rm -i' drive me crazy and, in
my opinion, *don't* protect the user from deleting files by mistake
because the 'y' response becomes automatic.
What is needed is something that alerts the user to something that is
unusual in some way. If the user normally doesn't get E-Mail with
executable attachments then a warning box/message is fine, but if
executable attacments (including macros) are the norm then some other
sort of mechanism is necessary, otherwise it will just become 'a
nuisance message that one always clicks'.
--
Chris Green ([EMAIL PROTECTED])
Home: [EMAIL PROTECTED] Work: [EMAIL PROTECTED]
WWW: http://www.isbd.co.uk/
The existing patches for this macro virus seem to me to miss the mark.
Does anyone on this list currently have a copy of the macro virus?
I would like to get a copy of it, so I can work on developing a more
discriminating patch against it.
Trying to block a virus like this by its signature text is, to me, silly,
since anyone intending on using the thing to do harm could easily
change those aspects. Therefore, perhaps a general macro virus protection
scheme is in order. Unfortunately, I haven't had any experience at
all with macro viruses, so I need a copy of this one to work off of.
Preliminarily, I was thinking of looking for things like AutoOpen,
AutoExec, messing with the registry, and rewriting normal.dot. Any
other suggestions? Is anyone else already doing this? I don't want
to reinvent the wheel, but I don't want to go for a commercial
antivirus package either. A free software (in the FSF sense) antivirus
package would probably be acceptable though, but I don't know of any of
those.
--
Erik Nielsen, Cyberhighway Internet Services NOC
I knew I'd hate COBOL the moment I saw they'd used "perform" instead of
"do".
-- Larry Wall on a not-so-popular programming language
On 29-Mar-99 [EMAIL PROTECTED] wrote:
> The existing patches for this macro virus seem to me to miss the mark.
> Does anyone on this list currently have a copy of the macro virus?
> I would like to get a copy of it, so I can work on developing a more
> discriminating patch against it.
Check the BUGTRAQ archives on www.geek-girl.com (think I got that right).
I thought someone posted the source to it on Friday - but I also thought
I saved it and didn't.
Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] flame-mail: /dev/null
# include <std/disclaimers.h> TEAM-OS2
Online Campground Directory http://www.camping-usa.com
Online Giftshop Superstore http://www.cloudninegifts.com
==========================================================================
root.com has it posted; here is the URL:
http://www.root.org/melissa_virus.txt
That is the actual virus, so view it, don't execute it. I am not
responsible for people following the link and doing something stupid with
it.
Scott Swanson
Sysadmin, CTW Online
-----Original Message-----
From: Vince Vielhaber [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 29, 1999 3:55 PM
To: [EMAIL PROTECTED]
Subject: RE: anyone got the melissa macro?
On 29-Mar-99 [EMAIL PROTECTED] wrote:
> The existing patches for this macro virus seem to me to miss the mark.
> Does anyone on this list currently have a copy of the macro virus?
> I would like to get a copy of it, so I can work on developing a more
> discriminating patch against it.
Check the BUGTRAQ archives on www.geek-girl.com (think I got that right).
I thought someone posted the source to it on Friday - but I also thought
I saved it and didn't.
Erik,
I am sending you a copy
______________________________________________________________________
This message has been checked for viruses by the Star Screening System
http://www.star.co.uk
Well we had it here this morning. The actual virus is in a word document. So
I think what you are talking about doing would not work.
Todd
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 29, 1999 3:12 PM
To: [EMAIL PROTECTED]
Subject: anyone got the melissa macro?
The existing patches for this macro virus seem to me to miss the mark.
Does anyone on this list currently have a copy of the macro virus?
I would like to get a copy of it, so I can work on developing a more
discriminating patch against it.
Trying to block a virus like this by its signature text is, to me, silly,
since anyone intending on using the thing to do harm could easily
change those aspects. Therefore, perhaps a general macro virus protection
scheme is in order. Unfortunately, I haven't had any experience at
all with macro viruses, so I need a copy of this one to work off of.
Preliminarily, I was thinking of looking for things like AutoOpen,
AutoExec, messing with the registry, and rewriting normal.dot. Any
other suggestions? Is anyone else already doing this? I don't want
to reinvent the wheel, but I don't want to go for a commercial
antivirus package either. A free software (in the FSF sense) antivirus
package would probably be acceptable though, but I don't know of any of
those.
--
Erik Nielsen, Cyberhighway Internet Services NOC
I knew I'd hate COBOL the moment I saw they'd used "perform" instead of
"do".
-- Larry Wall on a not-so-popular programming language
> The existing patches for this macro virus seem to me to miss the mark.
> Does anyone on this list currently have a copy of the macro virus?
A copy was posted to bugtraq a while ago... along with simple details
of how someone who receives this message (even on a PC) can save the
source.
I'm personally waiting for papa.
> Trying to block a virus like this by its signature text is, to me, silly,
I agree... yet, sendmail had a "silly ruleset patch" up very quickly...
although I hear the patch only prevent relaying, not reception of the
virus message.
> AutoExec, messing with the registry, and rewriting normal.dot. Any
> other suggestions? Is anyone else already doing this? I don't want
> to reinvent the wheel, but I don't want to go for a commercial
> antivirus package either. A free software (in the FSF sense) antivirus
> package would probably be acceptable though, but I don't know of any of
> those.
Search bugtraq archives... and/or if you still can't find it, email me
personally and I'll return the posted copy to you. Would it be
inappropriate to post the code to this list?
Scott
ps: I should post my qmail worm.
Hi list,
How to setup qmail to catch all email to a domain or simply redirect all
email for that domain to other machine running the email service.
for example
we have a thedomain.com running in our server, for services as httpd,
ftp, etc..., but we want to handle all emails as [EMAIL PROTECTED]
in other machine running the email server for that domain, how I should
configure qmail to handle this.
thanks very much
carlos
Hi,
1) In DNS set up the MX records for that domain to include the name of the
machine you wish to handle that domains mail, as the lowest numbered MX.
2) put the domain name in /var/qmail/rcpthosts on the machine that will
be receiving the mail for the domain.
3) put the domain name in either /var/qmail/virtualdomains(with accountname)
or /var/qmail/locals depending on whether the machine is only handling mail
for one domain (locals) or multiple domains (virtualdomains)
Hope this helps
Gerry
At 12:35 PM 3/29/99 -0800, Rafael Correa <[EMAIL PROTECTED]> wrote:
>Hi list,
>
>How to setup qmail to catch all email to a domain or simply redirect all
>email for that domain to other machine running the email service.
>
>for example
>we have a thedomain.com running in our server, for services as httpd,
>ftp, etc..., but we want to handle all emails as [EMAIL PROTECTED]
>in other machine running the email server for that domain, how I should
>configure qmail to handle this.
>
>thanks very much
>carlos
At 12:35 PM Monday 3/29/99, Rafael Correa wrote:
>
>
>Hi list,
>
>
>
>How to setup qmail to catch all email to a domain or simply redirect all
>
>email for that domain to other machine running the email service.
Oh, a virtual domain.
How did you go with the discussion in FAQ 3.2 and 3.3?
>
>for example
>
>we have a thedomain.com running in our server, for services as httpd,
>ftp, etc..., but we want to handle all emails as [EMAIL PROTECTED]
>in other machine running the email server for that domain, how I should
>configure qmail to handle this.
>
>thanks very much
>
>
>carlos
>
>
>
>
I've set up Maildir, but now i don't know what is this
Can you help me (Temporary_error_on_maildir_delivery - #4.3.0)
Is problem with ownership? What likeshould it be for ./Maildir/ ?
Mar 29 22:19:06 qmail: 922738746.416664 new msg 221509
Mar 29 22:19:06 qmail: 922738746.417893 info msg 221509: bytes 464 from
<[EMAIL PROTECTED]> qp 160 uid 1000
Mar 29 22:19:06 qmail: 922738746.451159 starting delivery 5: msg 221509 to
local [EMAIL PROTECTED]
Mar 29 22:19:06 qmail: 922738746.452192 status: local 1/10 remote 0/20
Mar 29 22:19:06 qmail: 922738746.525523 delivery 5: deferral:
Temporary_error_on_maildir_delivery._(#4.3.0)/
Mar 29 22:19:06 qmail: 922738746.526567 status: local 0/10 remote 0/20
On Mon, 29 Mar 1999, Mark E Drummond wrote:
> Here we have a serious problem folks. Sendmail had a "fix" out for
> Melissa very shortly after it came out, and we are sitting pretty. I
> made a big push here to move our org to qmail because qmail seemed to be
> way superior. Now I am really ticked by my inability to write/use simple
> rulesets to solve this problem.
laughs
so you want to randomly reject mail which contains a subject of Important
mail from something ???
it's hardly a sensible fix, really now is it??
Richard
Richard Letts writes:
> On Mon, 29 Mar 1999, Mark E Drummond wrote:
>
> > Here we have a serious problem folks. Sendmail had a "fix" out for
> > Melissa very shortly after it came out, and we are sitting pretty. I
> > made a big push here to move our org to qmail because qmail seemed to be
> > way superior. Now I am really ticked by my inability to write/use simple
> > rulesets to solve this problem.
>
> laughs
>
> so you want to randomly reject mail which contains a subject of Important
> mail from something ???
>
> it's hardly a sensible fix, really now is it??
Furthermore, if I really cared for it, it would take me about five minutes
to program my Qmail relay to reject the Mellissa virus, however, for
various reasons that I don't care to get into, I am not susceptible to this
or other MS-based viruses.
Some people seem to expect for everything to be handed down to them on a
silver platter. Block a virus? Here, flip this switch. Reject mail with
a bad return address? Here, push this button. Configure your site for
selective relaying? Just type this command.
Nope, it doesn't work this way. Read the docs, read the man pages, it's
all there.
--
Sam
This should not surprise anyone on this list, but it does serve as
excellent confirmation of why simply filtering on the Subject: header to
attempt to block the Melissa virus (as in the Sendmail patch) was a bad
idea: mutations have already been discovered.
Details (though mostly intended for a general audience) at:
http://www.zdnet.com/zdnn/stories/news/0,4586,2233667,00.html
-----------------------------------------------------------------
Kai MacTane
System Administrator
Online Partners.com, Inc.
-----------------------------------------------------------------
>From the Jargon File: (v4.0.0, 25 Jul 1996)
feature shock /n./
[from Alvin Toffler's book title "Future Shock"] A user's (or
programmer's!) confusion when confronted with a package that has too
many features and poor introductory material.
Hello,
I was reading through how to use APOP, and is it required that you store
plaintext passwords to support APOP? Is there any way I can just add APOP
support to my existing setup without having users to edit a .poppasswd file?
Robert S. Wojciechowski Jr.
[EMAIL PROTECTED]
I just installed the qmail-popbull patches on a qmail 1.03 install and am
getting duplicate messags, one for every time a user checks their email.
I checked into it and the .timestamp file for their account isn't updting.
I have since worked around the problems like this "rm `ls
/usr/home/*/.timestamp`.
Matt
``````````````````````````````````````````````````````````````````
Matt Simerson http://users.michweb.net/~matt
MichWeb Inc. - President http://www.michweb.net
The Art Farm - Technical Wizard http://www.theartfarm.com
Better to dare Mighty Things and fail, than to live in __o
a gray twilight where there is neither victory or _-\<,_
defeat. -- attributed to Theodore Roosevelt ......(_)/ (_)
``````````````````````````````````````````````````````````````````
Matt Simerson writes:
>
> I just installed the qmail-popbull patches on a qmail 1.03 install and am
> getting duplicate messags, one for every time a user checks their email.
> I checked into it and the .timestamp file for their account isn't updting.
> I have since worked around the problems like this "rm `ls
> /usr/home/*/.timestamp`.
I'd rather you fixed the problem rather than working around it. I'm
curious what the matter could be. It's working here for me.
--
-russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
Hi,
I have around 6 busy Linux servers scattered about the place all
happierly
running Qmail.
With the new virus "Melissa"
roaming around SMTP hangouts and infecting
users, I would like to know if
anybody has successfully configured Qmail to
scan incoming email before
delivering it to a user ?
I have found a package that interfaces with
Mcafee's *nix version, but only
works with Sendmail at present, apparently
they are looking at making it
work with other MTA's including
Qmail.
http://satan.oih.rwth-aachen.de/AMaViS/amavis.html
is the package I came
across.
I will purchase Mcafee for Linux anyway
it seems.
Any feedback is welcome.
Cheers,
Stephen
Mills.
Hello folks,
I'm running QMAIL 1.03,
with tcpserver for denying relay.
But I need to ban a host (that sends SPAM)
for my machines.
Where can I read something about it?
Regards,
--
---------------------------------------------
| Georgi Kupenov, | |
| tel.: +359-2-9630641| ProLink Ltd. |
| +359-2-9630651| |
---------------------------------------------
On Tue, Mar 30, 1999 at 10:34:25AM +0300, Georgi Kupenov wrote:
To ban a certain host from connecting to you, put the following at the
top of the tcp.smtp rules file and rebuild it with tcprules:
[ip.address.of.bad.host]:deny
See 'man tcprules' for more info.
> Hello folks,
>
> I'm running QMAIL 1.03,
> with tcpserver for denying relay.
>
> But I need to ban a host (that sends SPAM)
> for my machines.
>
> Where can I read something about it?
>
> Regards,
> --
> ---------------------------------------------
> | Georgi Kupenov, | |
> | tel.: +359-2-9630641| ProLink Ltd. |
> | +359-2-9630651| |
> ---------------------------------------------
--
System Administrator
See complete headers for address, homepage and phone numbers
On Sat, Mar 27, 1999 at 11:45:29PM -0000, Pedro Melo wrote:
> I know that a lot of people here use Qmail + NFS to deliver into NetApp's and
> boxes like that. My question is: does anybody here does NFS delivery via NFS to
> a Linux-based NFS Server? Are you having any stability probs? Which kernel are
> you using?
3 machines on a WAN, homes crossmounted with NFS,
deliveries to Maildirs under home directories,
kernels 2.0.33 & 2.0.34. Only one machine receives
the actual mail and delivers. A little less than
2000 users. Homes total 8.7gigs.
11:09am up 81 days, 23:00, 1 user, load average: 1.02, 1.07, 1.07
11:31am up 175 days, 19:36, 1 user, load average: 1.11, 1.16, 1.09
11:16am up 22 days, 3:41, 1 user, load average: 1.17, 1.13, 1.04
(the last one doesn't yet have an UPS)
We are moving away from that setup to a dedicated
POP-machine, mostly for network policy reasons
(it can be isolated into the server subnet, no users
allowed locally, connections from/to "secure" subnets
allowed).
--
foo | +358505486010 | [EMAIL PROTECTED] | mknod /dev/trash c 1 3
