Date: Thu, 21 Jun 2001 11:11:08 -0500 From: "Thomas T. Veldhouse" <veldy@veldy.net> To: "Giorgos Keramidas" <keramida@ceid.upatras.gr> Cc: <freebsd-security@freebsd.org> Subject: Re: need help filter this stupid virus. Sendmail didnt stop this. Message-ID: <00ba01c0fa6c$c914a800$3028680a@tgt.com> References: <20010620194713.A18467@ns1.via-net-works.net.ar> <200106202329.f5KNTPm07958@fusion.borderware.com> <20010620165335.C20771@i-sphere.com> <20010621180835.A11041@hades.hell.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
Or simply block everything from the pacific rim. Although there are some ligitimate people there :), almost ALL of the email I get from there is SPAM. So ... :0 * ^Received:.*\[200.51.* $HOME/mail/Spam :0 * ^Received:.*\[202.* $HOME/mail/Spam :0 * ^Received:.*\[203.* $HOME/mail/Spam :0 * ^Received:.*\[210.* $HOME/mail/Spam :0 * ^Received:.*\[211.* $HOME/mail/Spam :0 * ^Received:.*\[61.13.* $HOME/mail/Spam :0 * ^.*to be removed.* $HOME/mail/Spam The above rules catch a small group from South America and one other :) You wouldn't believe the amount of Spam that simply "goes away" with this -- and I have only sent 1 legitimate email into my spam box with these filters. Not too bad! To bad administrators in these areas don't get their acts together. Tom Veldhouse veldy@veldy.net ----- Original Message ----- From: "Giorgos Keramidas" <keramida@ceid.upatras.gr> To: "faSty" <fasty@i-sphere.com> Cc: "Bruce M. Walker" <bmw@borderware.com>; <freebsd-security@FreeBSD.ORG> Sent: Thursday, June 21, 2001 10:08 AM Subject: Re: need help filter this stupid virus. Sendmail didnt stop this. > On Wed, Jun 20, 2001 at 04:53:35PM -0700, faSty wrote: > > > I did used "From:hahaha@sexyfun.net" and still fails reject it. > > > > -trev > > Instead of tweaking your sendmail rules, which is somewhat error prone > (unless you reallyknow what you are doing), you could install procmail > and use that as the local delivery agent. Then, a simple filter like: > > :0 H > * From[: ].*hahaha@.*sex.*$ > /dev/null > > put in the proper place (your /usr/local/etc/procmailrc) will filter > out all mail that have either an envelope-from or a header-from > address that matches your rules. > > The only problem I can see with this is that you might soon end > up with a huge /usr/local/etc/procmailrc file, instead of a nicer > /etc/mail/access file that blocks spammers. > > If you do want to use /etc/mail/access then you should probably do the > extra works it takes to find from the mail headers, where the mail > comes from. > > Then block the mail that comes from that host or domain or provider > and contact the provider's mail admins informing them that you have > blocked the entire domain because spammers use it to abuse your mail > system. A nicely put and carefully worded telephone call, where you > take care not to offend the mail admins themselves, will do wonders.. > trust me. > > -giorgos > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00ba01c0fa6c$c914a800$3028680a>