From owner-freebsd-stable Sun Apr 14 16:35: 1 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from krusty.e-technik.uni-dortmund.de (krusty.E-Technik.Uni-Dortmund.DE [129.217.163.1])
    by hub.freebsd.org (Postfix) with ESMTP id 3E8D237B400
    for ; Sun, 14 Apr 2002 16:34:57 -0700 (PDT)
Received: from merlin.emma.line.org (localhost [127.0.0.1])
    by krusty.e-technik.uni-dortmund.de (Postfix) with ESMTP id 1EF33A3831
    for ; Mon, 15 Apr 2002 01:34:55 +0200 (CEST)
Received: by merlin.emma.line.org (Postfix, from userid 500)
    id D1F301C445; Mon, 15 Apr 2002 01:34:50 +0200 (CEST)
X-Draft-From: ("nnml+private:freebsd-stab" 25058)
To: freebsd-stable@freebsd.org
Subject: Re: Antigen Notification:Antigen found VIRUS= HTML\MimeExploit.IFRAME (CA(InoculateIT),CA(Vet)) virus (fwd)
References: <00fc01c1e3fd$6b3a79f0$5f45a8c0@auir.gank.org>
In-Reply-To: <00fc01c1e3fd$6b3a79f0$5f45a8c0@auir.gank.org> ("Craig Boston"'s message of "Sun, 14 Apr 2002 16:43:29 -0500")
From: Matthias Andree
Date: Mon, 15 Apr 2002 01:34:50 +0200
Lines: 37
User-Agent: Gnus/5.090006 (Oort Gnus v0.06) Emacs/21.1 (i686-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

"Craig Boston" writes:

> No, from the headers it looks like tig-msxproto1.tig.mizzou.edu is. It also
> looks like their antigen server is using an invalid envelope sender (simply
> with no domain name).
>
> AFAIK, freebsd.org *DOES* use Postfix, however, and it assumes unqualified
> addresses are local and rewrites them with its own domain name... So
> becomes . Maybe one of the Postfix gurus can
> come up with a regex match to prevent stuff like this from masquerading as a
> valid address.

No regexp necessary; Postfix can tell remote sites that use unqualified
sender envelopes to go away:

/usr/local/postfix/etc/main.cf:

    smtpd_sender_restrictions = ... permit_mynetworks reject_non_fqdn_sender ...

This is valid if and only if the whole network behind hub.freebsd.org is
in the freebsd.org domain. If it is not, some restriction class
configuration should be used; Ralf Hildebrandt has information on this
topic publicly available on the web.

It may also be useful to reject these junk notifications, such as:

/usr/local/postfix/etc/main.cf:

    header_checks = regexp:/usr/local/etc/postfix/header_checks

/usr/local/postfix/etc/header_checks:

    /^Subject: Antigen Notification:Antigen found VIRUS/ REJECT we don't want to know about your virus troubles

Or filter them with the badwords list or whatever the mailing list
software offers.

-- 
Matthias Andree
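
Added example, not part of the message above and not Postfix code: a simplified Python model of how the two suggested settings would treat incoming mail, showing that permit_mynetworks is evaluated before reject_non_fqdn_sender and that the null sender used by bounces is not affected. The network ranges, client addresses, sender addresses and function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed networks for illustration; not hub.freebsd.org's real mynetworks.
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("192.0.2.0/24")]

# Pattern and action from the header_checks file in the message.
# Postfix regexp tables match case-insensitively by default, hence re.I.
HEADER_CHECKS = [
    (re.compile(r"^Subject: Antigen Notification:Antigen found VIRUS", re.I),
     "REJECT we don't want to know about your virus troubles"),
]


def is_fqdn_sender(sender):
    """Simplified model of the test behind reject_non_fqdn_sender."""
    if sender == "":                      # null sender <> (bounces) is exempt
        return True
    local, at, domain = sender.rpartition("@")
    if not at or not local:               # no domain part at all, e.g. "antigen"
        return False
    if domain.startswith("[") and domain.endswith("]"):   # address literal
        return True
    labels = domain.rstrip(".").split(".")
    return len(labels) >= 2 and all(labels)   # needs at least host.tld


def sender_restrictions(client_ip, sender):
    """Model 'permit_mynetworks reject_non_fqdn_sender': first decision wins."""
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in MYNETWORKS):
        return "OK"                       # local clients may send unqualified
    if not is_fqdn_sender(sender):
        return "REJECT non-FQDN sender"
    return "DUNNO"                        # no decision from this list


def header_check(header_line):
    """Return the action of the first matching header_checks pattern."""
    for pattern, action in HEADER_CHECKS:
        if pattern.search(header_line):
            return action
    return "DUNNO"
```
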