I have observed that most virus mail (99% plus) is sent directly from the infected machine to the recipient mail server using SMTP server software built in to the virus. If a Sendmail server is only supposed to receive mail that is forwarded from another server, would I be correct in assuming the first packet after the DATA statement should always start with "Received: from", and that anything else would be virus or "unauthorized" traffic. There does not appear to be any specific order with the rest of the header information, but the relay info at the top always appears to start this way. Just as with Spam, the engine could add false relay information, but such does not appear to be the case at present time, and I want to use this to block the current crop of nasties. Any comments? J.A. Coutts
Block on Relay Data?
2 posts
• Page 1 of 1
- PowerPoint
- WINDOWS SERVER
- MS Office Access
- MS SQL SERVER
- Windows Terminal Services
- pocket pc
- dotnet framework
- MS EXCEL
- windows ce
- MS EXCEL
Jump to:
- 1. changing From: header
Hello All, I'm quite new to this MTA, MDA, sendmail, fetchmail, procmail stuff. Previously I had been using kmail. I only have one question. How do I send messages so that they appear to originate from my mailing address at my isp. As of right now, any email I send will appear to come from my machine. This may be because it did, but the problem in this is that RedHat9, my current distro, will not allow connections smtp from anyone other than localhost. Also, even though I could fix this, I would prefer to recieve my mail through fetchmail and imap rather than force users to type in my ultimatly much longer hostname. I've searched all the faq's and the man pages. Can someone help me? Thanks, James Leddy - 2. Denial of MIME (UUCP)
Hello. How could I prevent MIME on a slow (2400 baud) UUCP link? I would like to be able to simply reject any message that contains MIME data BEFORE it is transferred. Rejecting it after it has been transferred is not an option. The objective here is to prevent the TRANSFER of large messages (as a single pissing lesbians pic will busy out the line for an hour). Is this possible with sendmail? I haven't seen any mention of it anywhere. cda - 3. how can i save a copy of incoming outcoming email?
how can i save a copy of incoming outcoming email? - 4. Problems with From line and virtual hosting (help?0
I have read the manual pages and the virtual hosting pages. Here is the problem: on my server I host various domains and some email only domains. All the users have local logins so they can use imap, etc... Let's say that I send a message with a From line of: XXXX@XXXXX.COM to: XXXX@XXXXX.COM the From line is getting re-written to: XXXX@XXXXX.COM (where server.com is the domain name of the mail server). In genericstable I have written: paul XXXX@XXXXX.COM In generics-domains I have: virtualdomain1.com in virtusertable I have XXXX@XXXXX.COM chris XXXX@XXXXX.COM paul I need to be able to maintain the from lines and not have them re- written. The correct from line " XXXX@XXXXX.COM " is actually showing up in the maillog but somehow is vanishing as the mail is processed. Can anyone shed any light on the problem? Thanks, -Chris
Next
Block on Relay Data?
by administrator » Fri, 16 Apr 2004 08:29:02 GMT
Re: Block on Relay Data?
by Andrzej Adam Filip » Mon, 19 Apr 2004 20:34:35 GMT
1) There are many MTAs on the net, some are "broken" in incredible ways => expect some false positives (very small number for most sites). 2) You suggestion would be easy to implement in milter (e.g. mimedefang). 3) It will be very easy for viral worms to add Received: header and pass the check -- Andrzej [en:Andrew] Adam Filip XXXX@XXXXX.COM XXXX@XXXXX.COM http://www.**--****.com/ ://slashdot.org/~anfi *Random Epigram* : We tried to close Ohio's borders and ran into a Constitutional problem. There's a provision in the Constitution that says you can't close your borders to interstate commerce, and garbage is a form of interstate commerce. -- Ohio Lt. Governor Paul Leonard
2 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 18 guest