Date: Mon, 23 Jul 2001 21:39:39 -0600 From: "Thierry Black" <thierryblack@hotmail.com> To: freebsd-questions@freebsd.org Cc: leblanc+freebsd@acadia.ne.mediaone.net, tedm@toybox.placo.com Subject: Re: SirCam virus Message-ID: <F109jpPIKQg9g4alpn900004a00@hotmail.com>
next in thread | raw e-mail | index | archive | help
>Hey Ted and Thierry. I am curious about the cyrus/procmail thing. I >am running Cyrus 1.6.24 with Procmail (don't remember the version). > >I am handling this pretty much the way you suggested, Ted, except that I >may be doing it the wrong way. There are several issues with using >sendmail and Cyrus. Unfortunately, Cyrus is somewhat notoriously >difficult to configure with sendmail (at least in my experience). I >am under the impression that it is necessary to have several flags set >to make Cyrus run smoothly. Procmail is configured to call deliver, >which will then pop the message into the correct mailbox. Hi Louis--The problem I experience with cyrus is that its deliver doesn't actually do local delivery (I don't want local delivery), so I don't understand what configuring procmail to intercept local delivery would help if cyrus is already sending mail to its own spool directories for each user in /var/spool/imap/user/, not /var/mail. Ted's message was helpful, but I must be missing something. In my sendmail.cf, I have an Mcyrus section for the cyrus mailer, and there is an Mlocal section for local delivery (about 4 ids use local delivery here instead of cyrus, like root, for one), but I think procmail needs to happen before either Mcyrus or Mlocal so that it can filter both kinds of mail, right? Mail would need to go from sendmail to procmail, then to cyrus, or local delivery, but I don't understand it well enough to make that happen. > >If I can just tell sendmail to use procmail to handle local delivery, >I suspect this would simplify my configuration headaches. > >Any ideas there? > >As for procmail, Thierry, I highly recommend it. Especially if your >users tend to subscribe to mailing lists. I have found that it really >helps when some other subscriber goes on vacation and forgets to >exclude the list from vacation responses - vicious circle. I just put >the sender (usually a postmaster id) into a killfile, and I never have >to see the hundreds of messages generated by the cycle. Just the >dozens of others that respond to bitch about it - resulting in more >messages. > >Recently, I thought about using the Cyrus Sieve tool, which is >supposed to be a replacement for procmail, but I decided to stick with >what I knew. If you want to start with an integrated tool, you might >want to check it out. I for one still like the Unix mentality - a >tool should do one thing and do it well. > >Lou > >On 07/23/01 01:14 AM, Ted Mittelstaedt sat at the `puter and typed: > > cyrus is not relevent to this discussion. Your not replacing it, > > your replacing the local delivery program. cyrus gets the > > message well after the local delivery program (ie: procmail) > > has finished with it. > > > > The way it works now is that the message comes in, is accepted by > > sendmail which passes it to the local delivery program mail.local, > > which writes it into /var/mail/username. cyrus then picks it up > > from there when a imap or pop request comes in and delivers it out > > via imap or pop. > > > > The way you want it to work is the message comes in, is accepted by > > sendmail which passes it to the local delivery program procmail, > > which filters it for spam and for this virus, then writes it into > > /var/mail/username. cyrus then picks it up from there when a imap or >pop > > request comes in and delivers it out via imap or pop. > > > > All that feature does that I mention in the article is change the line > > in sendmail.cf > > > > Mlocal, P=/usr/libexec/mail.local, F=lsDFMAw5:/|@qPSXfmnz9P, > > S=EnvFromL/ > > HdrFromL, R=EnvToL/HdrToL, > > > > to a Mlocal line that replaces mail.local with the procmail invocation. > > > > You want to spend some time reading the procmail mailing list and > > documentation for some more detailed answers. But it's not that hard > > and also procmail is the default local delivery program for GNU/Linux > > so there's plenty of info out there on it in the Linux mailing list > > archives. (although a lot of Linux people use postfix instead of > > sendmail, yech!) > > > > Ted Mittelstaedt >tedm@toybox.placo.com > > Author of: The FreeBSD Corporate Networker's >Guide > > Book website: >http://www.freebsd-corp-net-guide.com > > > > > > >-----Original Message----- > > >From: owner-freebsd-questions@FreeBSD.ORG > > >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Thierry Black > > >Sent: Monday, July 23, 2001 12:20 AM > > >To: tedm@toybox.placo.com; freebsd-questions@FreeBSD.ORG > > >Subject: RE: SirCam virus > > > > > > > > >Hello Ted! Thankyou for the reply. I'm sure procmail is the answer now >but > > >as my original post said, I don't know how to make procmail work with >cyrus. > > >Your article was really good, but it didn't explain that. Do you know >how I > > >can make procmail work with sendmail 8.9.3 and cyrus? > > > > > >thankyou > > >thierry > > > > > > > > > > > > > > > > > >>From: "Ted Mittelstaedt" <tedm@toybox.placo.com> > > >>To: "Thierry Black" <thierryblack@hotmail.com>, > > >><freebsd-questions@FreeBSD.ORG> > > >>Subject: RE: SirCam virus > > >>Date: Sun, 22 Jul 2001 23:41:26 -0700 > > >>MIME-Version: 1.0 > > >> > > >>Actually this virus is an easy one to block. According to the > > >>advisory there is always one of the following strings: > > >> > > >>"Hi! How are you?" > > >> > > >>"I send you this file in order to have your advice" > > >> > > >>So all you need to do is replace the local delivery agent with > > >>Procmail and write a procmail recipe to filter out messages > > >>containing either of those strings. I did a column on this a > > >>while ago it's here: > > >> > > >>http://www.computerbits.com/archive/1998/1000/lan9810.html > > >> > > >> You really ought to be doing this for your spamfiltering anyway. > > >> > > >>Ted Mittelstaedt > > >>tedm@toybox.placo.com > > >>Author of: The FreeBSD Corporate Networker's > > >>Guide > > >>Book website: > > >>http://www.freebsd-corp-net-guide.com > > >> > > >> > > >> >-----Original Message----- > > >> >From: owner-freebsd-questions@FreeBSD.ORG > > >> >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Thierry >Black > > >> >Sent: Sunday, July 22, 2001 9:32 PM > > >> >To: freebsd-questions@FreeBSD.ORG > > >> >Subject: SirCam virus > > >> > > > >> > > > >> >Hello again! My server has received copies of this "SirCam" virus > > >>notified > > >> >at www.symantec.com. We are using sendmail, and cyrus for delivery. >How > > >>can > > >> >I put a rule to block the messages? The subject, sender, attachment >name, > > >> >and headers are all random (taken from the virus victims email). The >only > > >> >common things are in the body. The messages start with "Hi! How are >you?" > > >> >and end with "See you later. Thanks". > > >> > > > >> >I need to block these messages from being sent to or from our email > > >>server. > > >> >I have heard of procmail, but I don't know hwo to use it with >sendmail > > >>8.9.3 > > >> >and cyrus. > > >> > > > >> > > > >> >_________________________________________________________________ > > >> >Get your FREE download of MSN Explorer at > > >>http://explorer.msn.com/intl.asp > > >> > > > >> > > > >> >To Unsubscribe: send mail to majordomo@FreeBSD.org > > >> >with "unsubscribe freebsd-questions" in the body of the message > > >> > > > >> > > > > > > > > >_________________________________________________________________ > > >Get your FREE download of MSN Explorer at >http://explorer.msn.com/intl.asp > > > > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > > >with "unsubscribe freebsd-questions" in the body of the message > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of the message > > > >-- >Louis LeBlanc leblanc@acadia.ne.mediaone.net >Fully Funded Hobbyist, KeySlapper Extrordinaire :) >http://acadia.ne.mediaone.net ԿԬ > >QOTD: > "Sure, I turned down a drink once. Didn't understand the question." > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message > _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F109jpPIKQg9g4alpn900004a00>