Date: Mon, 23 Jul 2001 12:47:11 -0400 From: Louis LeBlanc <leblanc+freebsd@acadia.ne.mediaone.net> To: freebsd-questions@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG Subject: Re: SirCam virus Message-ID: <20010723124711.A3193@acadia.ne.mediaone.net> In-Reply-To: <002701c1134f$7aa71940$1401a8c0@tedm.placo.com> References: <F160qRQtdB3xuv4hh6n0000415a@hotmail.com> <002701c1134f$7aa71940$1401a8c0@tedm.placo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hey Ted and Thierry. I am curious about the cyrus/procmail thing. I am running Cyrus 1.6.24 with Procmail (don't remember the version). I am handling this pretty much the way you suggested, Ted, except that I may be doing it the wrong way. There are several issues with using sendmail and Cyrus. Unfortunately, Cyrus is somewhat notoriously difficult to configure with sendmail (at least in my experience). I am under the impression that it is necessary to have several flags set to make Cyrus run smoothly. Procmail is configured to call deliver, which will then pop the message into the correct mailbox. If I can just tell sendmail to use procmail to handle local delivery, I suspect this would simplify my configuration headaches. Any ideas there? As for procmail, Thierry, I highly recommend it. Especially if your users tend to subscribe to mailing lists. I have found that it really helps when some other subscriber goes on vacation and forgets to exclude the list from vacation responses - vicious circle. I just put the sender (usually a postmaster id) into a killfile, and I never have to see the hundreds of messages generated by the cycle. Just the dozens of others that respond to bitch about it - resulting in more messages. Recently, I thought about using the Cyrus Sieve tool, which is supposed to be a replacement for procmail, but I decided to stick with what I knew. If you want to start with an integrated tool, you might want to check it out. I for one still like the Unix mentality - a tool should do one thing and do it well. Lou On 07/23/01 01:14 AM, Ted Mittelstaedt sat at the `puter and typed: > cyrus is not relevent to this discussion. Your not replacing it, > your replacing the local delivery program. cyrus gets the > message well after the local delivery program (ie: procmail) > has finished with it. > > The way it works now is that the message comes in, is accepted by > sendmail which passes it to the local delivery program mail.local, > which writes it into /var/mail/username. cyrus then picks it up > from there when a imap or pop request comes in and delivers it out > via imap or pop. > > The way you want it to work is the message comes in, is accepted by > sendmail which passes it to the local delivery program procmail, > which filters it for spam and for this virus, then writes it into > /var/mail/username. cyrus then picks it up from there when a imap or pop > request comes in and delivers it out via imap or pop. > > All that feature does that I mention in the article is change the line > in sendmail.cf > > Mlocal, P=/usr/libexec/mail.local, F=lsDFMAw5:/|@qPSXfmnz9P, > S=EnvFromL/ > HdrFromL, R=EnvToL/HdrToL, > > to a Mlocal line that replaces mail.local with the procmail invocation. > > You want to spend some time reading the procmail mailing list and > documentation for some more detailed answers. But it's not that hard > and also procmail is the default local delivery program for GNU/Linux > so there's plenty of info out there on it in the Linux mailing list > archives. (although a lot of Linux people use postfix instead of > sendmail, yech!) > > Ted Mittelstaedt tedm@toybox.placo.com > Author of: The FreeBSD Corporate Networker's Guide > Book website: http://www.freebsd-corp-net-guide.com > > > >-----Original Message----- > >From: owner-freebsd-questions@FreeBSD.ORG > >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Thierry Black > >Sent: Monday, July 23, 2001 12:20 AM > >To: tedm@toybox.placo.com; freebsd-questions@FreeBSD.ORG > >Subject: RE: SirCam virus > > > > > >Hello Ted! Thankyou for the reply. I'm sure procmail is the answer now but > >as my original post said, I don't know how to make procmail work with cyrus. > >Your article was really good, but it didn't explain that. Do you know how I > >can make procmail work with sendmail 8.9.3 and cyrus? > > > >thankyou > >thierry > > > > > > > > > > > >>From: "Ted Mittelstaedt" <tedm@toybox.placo.com> > >>To: "Thierry Black" <thierryblack@hotmail.com>, > >><freebsd-questions@FreeBSD.ORG> > >>Subject: RE: SirCam virus > >>Date: Sun, 22 Jul 2001 23:41:26 -0700 > >>MIME-Version: 1.0 > >> > >>Actually this virus is an easy one to block. According to the > >>advisory there is always one of the following strings: > >> > >>"Hi! How are you?" > >> > >>"I send you this file in order to have your advice" > >> > >>So all you need to do is replace the local delivery agent with > >>Procmail and write a procmail recipe to filter out messages > >>containing either of those strings. I did a column on this a > >>while ago it's here: > >> > >>http://www.computerbits.com/archive/1998/1000/lan9810.html > >> > >> You really ought to be doing this for your spamfiltering anyway. > >> > >>Ted Mittelstaedt > >>tedm@toybox.placo.com > >>Author of: The FreeBSD Corporate Networker's > >>Guide > >>Book website: > >>http://www.freebsd-corp-net-guide.com > >> > >> > >> >-----Original Message----- > >> >From: owner-freebsd-questions@FreeBSD.ORG > >> >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Thierry Black > >> >Sent: Sunday, July 22, 2001 9:32 PM > >> >To: freebsd-questions@FreeBSD.ORG > >> >Subject: SirCam virus > >> > > >> > > >> >Hello again! My server has received copies of this "SirCam" virus > >>notified > >> >at www.symantec.com. We are using sendmail, and cyrus for delivery. How > >>can > >> >I put a rule to block the messages? The subject, sender, attachment name, > >> >and headers are all random (taken from the virus victims email). The only > >> >common things are in the body. The messages start with "Hi! How are you?" > >> >and end with "See you later. Thanks". > >> > > >> >I need to block these messages from being sent to or from our email > >>server. > >> >I have heard of procmail, but I don't know hwo to use it with sendmail > >>8.9.3 > >> >and cyrus. > >> > > >> > > >> >_________________________________________________________________ > >> >Get your FREE download of MSN Explorer at > >>http://explorer.msn.com/intl.asp > >> > > >> > > >> >To Unsubscribe: send mail to majordomo@FreeBSD.org > >> >with "unsubscribe freebsd-questions" in the body of the message > >> > > >> > > > > > >_________________________________________________________________ > >Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-questions" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > -- Louis LeBlanc leblanc@acadia.ne.mediaone.net Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://acadia.ne.mediaone.net ԿԬ QOTD: "Sure, I turned down a drink once. Didn't understand the question." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010723124711.A3193>