On Mon, Jun 04, 2001 at 10:20:23AM +1000, Peter McCarthy wrote:
Reply sent to slug because there may be others interested.
> > I have the filter inplace to block this address but it still manages to get
> > through.
>
> How have you configured your filter? Is it filtering on message header
> or envelope?
>
> PMc
> I don't know how do I check ??
> PMc
You're using the access db, so that's filtering on envelope.
> The null address is a special case. Are you *certain* that you're
> looking at the right log entry?
>
> PMc
> Yes quite certain
> PMc
You're right:
Note that Snow White actually uses the null envelope sender <>, so
you can't block it in /etc/mail/access (and blocking the null
envelope sender will also block bounce messages and violate RFCs
1123 and 822, so don't do it). Since it does consistently use the
same From: header, the header check is the only way to effectively
block it.
> /etc/sendmail.mc
>
> define(`confTRY_NULL_MX_LIST',true)
> define(`confDONT_PROBE_INTERFACES',true)
Are you sure you need these two? If you're not, read the descriptions
here:
http://www.sendmail.org/m4/tweakingoptions.html
then decide.
> /etc/mail/access
>
> [EMAIL PROTECTED] REJECT Bugger off will you !
These reject based on the *envelope* address. They do nothing with the
`From:' header in any received email. For that, you need something like
this in your sendmail.mc:
LOCAL_CONFIG
HFrom: $>CheckFrom
LOCAL_RULESETS
SCheckFrom
R$* <[EMAIL PROTECTED]> $* $#error $@ 5.5.3 $: "Rejecting probable Snow
White virus message"
R$* $@ OK
Cheers,
John
--
whois [EMAIL PROTECTED]
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
