On Fri, Jan 06, 2006 at 12:37:02PM -0500, Chuck Swiger wrote:
Anyway, amavisd-new lists a dozen or so examples:
# Treat envelope sender address as unreliable and don't send sender
# notification / bounces if name(s) of detected virus(es) match the list.
# Note that virus names are supplied
Jan Pieter Cornet wrote:
I believe it's way easier to do the opposite: list only viruses that do
NOT fake the sender. The only ones you'd expect to find in email are
things like eicar, joke and macro viruses.
I just check for a small list (Mimail, Sober, etc.), plus anything that
starts with
At 06:51 AM 1/10/2006, Jan Pieter Cornet wrote:
On Fri, Jan 06, 2006 at 12:37:02PM -0500, Chuck Swiger wrote:
Anyway, amavisd-new lists a dozen or so examples:
# Treat envelope sender address as unreliable and don't
send sender
# notification / bounces if name(s) of detected
virus(es)
Hello Christopher,
This way my users' mailboxes aren't cluttered with notices, but if a message
they were expecting just doesn't show up, they can search the DB of what was
thrown out to see if what they were waiting for was junked.
FWIW amavisnewsql does a similar thing
Ok,
your massages convinced me only to report the sender.
I don't want only blackhole the message and nothing else, because i think
one of the both, the sender or the recipient should get informed.
Thanks to all,
Michael Neurohr
___
From: Michael [EMAIL PROTECTED]
Ok,
your massages convinced me only to report the sender.
I don't want only blackhole the message and nothing else, because i think
one of the both, the sender or the recipient should get informed.
If you do that please only inform your local users and *non* of
Le Fri 6/01/2006, Michael disait
Ok,
your massages convinced me only to report the sender.
I don't want only blackhole the message and nothing else, because i think
one of the both, the sender or the recipient should get informed.
But you do not know the sender. You only know an address that
If you do that please only inform your local users and *non* of the
internet users.
I only want to send a message back to the sender, that he knows about
the rejected mail.
Why do you mean that there may come about so many mails?
Michael Neurohr
But you do not know the sender. You only know an address that the
virus presents as the sender address. And you trust the virus...
Ok, i see you must have experience. Are there really so many
virussender who specify a fake REAL EXIST mail address?
Michael Neurohr
Le Fri 6/01/2006, Michael disait
But you do not know the sender. You only know an address that the
virus presents as the sender address. And you trust the virus...
Ok, i see you must have experience. Are there really so many
virussender who specify a fake REAL EXIST mail address?
Too many
From: Michael [EMAIL PROTECTED]
If you do that please only inform your local users and *non* of the
internet users.
I only want to send a message back to the sender, that he knows about the
rejected mail.
Why do you mean that there may come about so many mails?
Because a lot of virusses
But you do not know the sender. You only know an address that the
virus presents as the sender address. And you trust the virus...
Ok, i see you must have experience. Are there really so many
virussender who specify a fake REAL EXIST mail address?
Michael Neurohr
Many viruses harvest
Original Message
From: Randal, Phil [EMAIL PROTECTED]
To: ClamAV users ML clamav-users@lists.clamav.net
Sent: Friday, January 06, 2006 12:23 PM
Subject: RE: [Clamav-users] RE: Report infected mail to the user
But you do not know the sender. You only know an address that the
virus
Michael said:
Ok,
your massages convinced me only to report the sender.
I don't want only blackhole the message and nothing else, because i think
one of the both, the sender or the recipient should get informed.
Since there is no way to know who the sender is, and since the recipient
is not
On Fri, 6 Jan 2006, Dennis Peterson wrote:
If you cannot reject it before the final .crlfcrlf then you keep it. It's
dead. Pinin' for the fjords, bleeding demised, an ex-message, shuffled off
it's mortal coil, lovely plumage and all.
I will submit one other possibility: I use
Leif Neland wrote:
Ok, i see you must have experience. Are there really so many
virussender who specify a fake REAL EXIST mail address?
Michael Neurohr
Many viruses harvest email addresses from the infected PC user's
address book and inbox etc and use these as the From: address.
And I
I will submit one other possibility: I use --postmaster-only to send the
notices to a specific address, then have procmail pipe those to a script
that parses it and adds specific information to an SQL database --
(From To Subject Date/Time and what Virus).
This way my users' mailboxes aren't
Brian McDonald wrote:
I will submit one other possibility: I use --postmaster-only to send
the notices to a specific address, then have procmail pipe those to
a script that parses it and adds specific information to an SQL
database -- (From To Subject Date/Time and what Virus).
This way my
Michael said:
But you do not know the sender. You only know an address that the
virus presents as the sender address. And you trust the virus...
Ok, i see you must have experience. Are there really so many
virussender who specify a fake REAL EXIST mail address?
There are few that do not. The
Michael wrote:
But you do not know the sender. You only know an address that the
virus presents as the sender address. And you trust the virus...
Ok, i see you must have experience. Are there really so many virussender
who specify a fake REAL EXIST mail address?
YES! All major email
On Fri, 6 Jan 2006, Brian McDonald wrote:
Chris this sounds like an excellent solution can you share how you did this?
Calling it a hack is an insult to hacks. :-) I'll try to take some time and
make a version I can put out (remove our IP addresses, SQL passwords, etc)
On Friday 06 January 2006 02:24, Michael wrote:
Ok,
your massages convinced me only to report the sender.
I don't want only blackhole the message and nothing else, because i think
one of the both, the sender or the recipient should get informed.
no
you should NEVER notify the sender.
the
On Friday 06 January 2006 03:13, Michael wrote:
But you do not know the sender. You only know an address that the
virus presents as the sender address. And you trust the virus...
Ok, i see you must have experience. Are there really so many
virussender who specify a fake REAL EXIST mail
Christopher X. Candreva said:
On Fri, 6 Jan 2006, Dennis Peterson wrote:
If you cannot reject it before the final .crlfcrlf then you keep it.
It's
dead. Pinin' for the fjords, bleeding demised, an ex-message, shuffled
off
it's mortal coil, lovely plumage and all.
I will submit one other
On Friday 06 January 2006 08:48, [EMAIL PROTECTED] wrote:
Leif Neland wrote:
Ok, i see you must have experience. Are there really so many
virussender who specify a fake REAL EXIST mail address?
Michael Neurohr
Many viruses harvest email addresses from the infected PC user's
address
Michael wrote:
But you do not know the sender. You only know an address that the
virus presents as the sender address. And you trust the virus...
Ok, i see you must have experience. Are there really so many virussender
who specify a fake REAL EXIST mail address?
I infer that you've never
Jeremy Kitchen wrote:
On Friday 06 January 2006 02:24, Michael wrote:
Ok,
your massages convinced me only to report the sender.
I don't want only blackhole the message and nothing else, because i think
one of the both, the sender or the recipient should get informed.
no
you should NEVER
On Friday 06 January 2006 09:55, Steven Spence wrote:
Jeremy Kitchen wrote:
On Friday 06 January 2006 02:24, Michael wrote:
Ok,
your massages convinced me only to report the sender.
I don't want only blackhole the message and nothing else, because i think
one of the both, the sender or the
Jeremy Kitchen wrote:
I wouldn't say never. If you had authenticated SMTP set up you could
always send the notification back to the sender using the username
supplied during the SMTP authentication process. After authentication
has succedeed of course. :)
rejecting the message should alert
On Friday 06 January 2006 10:35, Steven Spence wrote:
Jeremy Kitchen wrote:
I wouldn't say never. If you had authenticated SMTP set up you could
always send the notification back to the sender using the username
supplied during the SMTP authentication process. After authentication
has
Steven Spence wrote:
Jeremy Kitchen wrote:
I wouldn't say never. If you had authenticated SMTP set up you could
always send the notification back to the sender using the username
supplied during the SMTP authentication process. After authentication
has succedeed of course. :)
rejecting
On 1/6/06 11:40 AM, Chuck Swiger [EMAIL PROTECTED] wrote:
I agree with this almost entirely. You should absolutely try to 5xx refuse
known-malicious email traffic, or if you have to accept it, silently file it
away in a quarantine area for a knowledgeable human to review questionable
cases,
32 matches
Mail list logo
