Date:      Mon, 23 Jul 2001 21:59:37 -0700
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        "Thierry Black" <thierryblack@hotmail.com>, <freebsd-questions@FreeBSD.ORG>
Cc:        <leblanc+freebsd@acadia.ne.mediaone.net>
Subject:   RE: SirCam virus
Message-ID:  <000401c113fd$709437e0$1401a8c0@tedm.placo.com>
In-Reply-To: <F109jpPIKQg9g4alpn900004a00@hotmail.com>

I don't use cyrus and I didn't know it could do local delivery.
Is there any way you can configure it out of inetd or something to
just act as an imap or pop3 server and leave the local delivery alone?
Can it pull mail out of /var/mail/user instead of /var/spool/imap/user?
Perhaps if there's a cyrus mailing list they know?  I'd be very surprised
if cyrus could not be used as just a pop3/imap server.

This is the problem with these one-size-fits-all programs that attempt
to do everything, not modular enough.  As it is, if you're calling cyrus
directly from sendmail as a local delivery agent with an Mcyrus, there's no
easy way to intercept the mail to filter it.  Any filtering would have to be
done by cyrus unless you tried to use the sendmail milter functionality.
(and I have no idea if this could be made to work, milters are a relatively
young addition to Sendmail and I don't think many people use them yet)

I use uw-imap myself but you need to get the very latest and still it's
unsafe if you allow shell access to the mailserver (a very idiotic thing
to do in my opinion) but it does only act as a pop3/imap server and
leaves the local delivery alone.  I agree though that it leaves much
to be desired and early versions of uw-imap were horrible, had bad memory
usage and were full of bugs, etc.

Ted Mittelstaedt                                       tedm@toybox.placo.com
Author of:                           The FreeBSD Corporate Networker's Guide
Book website:                          http://www.freebsd-corp-net-guide.com


>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Thierry Black
>Sent: Monday, July 23, 2001 8:40 PM
>To: freebsd-questions@FreeBSD.ORG
>Cc: leblanc+freebsd@acadia.ne.mediaone.net; tedm@toybox.placo.com
>Subject: Re: SirCam virus
>
>
>
>>Hey Ted and Thierry.  I am curious about the cyrus/procmail thing.  I
>>am running Cyrus 1.6.24 with Procmail (don't remember the version).
>>
>>I am handling this pretty much the way you suggested, Ted, except that I
>>may be doing it the wrong way.  There are several issues with using
>>sendmail and Cyrus.  Unfortunately, Cyrus is somewhat notoriously
>>difficult to configure with sendmail (at least in my experience).  I
>>am under the impression that it is necessary to have several flags set
>>to make Cyrus run smoothly.  Procmail is configured to call deliver,
>>which will then pop the message into the correct mailbox.
>
>Hi Louis--The problem I experience with cyrus is that its deliver doesn't
>actually do local delivery (I don't want local delivery), so I don't
>understand what configuring procmail to intercept local delivery would help
>if cyrus is already sending mail to its own spool directories for each user
>in /var/spool/imap/user/, not /var/mail.
>
>Ted's message was helpful, but I must be missing something.
>In my sendmail.cf, I have an Mcyrus section for the cyrus mailer,
>and there is an Mlocal section for local delivery (about 4 ids use local
>delivery here instead of cyrus, like root, for one), but I think procmail
>needs to happen before either Mcyrus or Mlocal so that it can filter both
>kinds of mail, right?
>
>Mail would need to go from sendmail to procmail, then to cyrus, or local
>delivery, but I don't understand it well enough to make that happen.
>
>
>
>
>
>>
>>If I can just tell sendmail to use procmail to handle local delivery,
>>I suspect this would simplify my configuration headaches.
>>
>>Any ideas there?
>>
>>As for procmail, Thierry, I highly recommend it.  Especially if your
>>users tend to subscribe to mailing lists.  I have found that it really
>>helps when some other subscriber goes on vacation and forgets to
>>exclude the list from vacation responses - vicious circle.  I just put
>>the sender (usually a postmaster id) into a killfile, and I never have
>>to see the hundreds of messages generated by the cycle.  Just the
>>dozens of others that respond to bitch about it - resulting in more
>>messages.
>>
>>Recently, I thought about using the Cyrus Sieve tool, which is
>>supposed to be a replacement for procmail, but I decided to stick with
>>what I knew.  If you want to start with an integrated tool, you might
>>want to check it out.  I for one still like the Unix mentality - a
>>tool should do one thing and do it well.
>>
>>Lou
>>
>>On 07/23/01 01:14 AM, Ted Mittelstaedt sat at the `puter and typed:
>> > cyrus is not relevant to this discussion.  You're not replacing it,
>> > you're replacing the local delivery program.  cyrus gets the
>> > message well after the local delivery program (ie: procmail)
>> > has finished with it.
>> >
>> > The way it works now is that the message comes in, is accepted by
>> > sendmail which passes it to the local delivery program mail.local,
>> > which writes it into /var/mail/username.  cyrus then picks it up
>> > from there when an imap or pop request comes in and delivers it out
>> > via imap or pop.
>> >
>> > The way you want it to work is the message comes in, is accepted by
>> > sendmail which passes it to the local delivery program procmail,
>> > which filters it for spam and for this virus, then writes it into
>> > /var/mail/username.  cyrus then picks it up from there when an imap or
>> > pop request comes in and delivers it out via imap or pop.
>> >
>> > All that feature does that I mention in the article is change the line
>> > in sendmail.cf
>> >
>> > Mlocal,         P=/usr/libexec/mail.local, F=lsDFMAw5:/|@qPSXfmnz9P,
>> >                 S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
>> >
>> > to a Mlocal line that replaces mail.local with the procmail invocation.
>> >
>> > You want to spend some time reading the procmail mailing list and
>> > documentation for some more detailed answers.  But it's not that hard
>> > and also procmail is the default local delivery program for GNU/Linux
>> > so there's plenty of info out there on it in the Linux mailing list
>> > archives.  (although a lot of Linux people use postfix instead of
>> > sendmail, yech!)
>> >
>> > Ted Mittelstaedt                     tedm@toybox.placo.com
>> > Author of:                           The FreeBSD Corporate Networker's Guide
>> > Book website:                        http://www.freebsd-corp-net-guide.com
>> >
>> >
>> > >-----Original Message-----
>> > >From: owner-freebsd-questions@FreeBSD.ORG
>> > >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Thierry Black
>> > >Sent: Monday, July 23, 2001 12:20 AM
>> > >To: tedm@toybox.placo.com; freebsd-questions@FreeBSD.ORG
>> > >Subject: RE: SirCam virus
>> > >
>> > >
>> > >Hello Ted! Thank you for the reply. I'm sure procmail is the answer now but
>> > >as my original post said, I don't know how to make procmail work with cyrus.
>> > >Your article was really good, but it didn't explain that. Do you know how I
>> > >can make procmail work with sendmail 8.9.3 and cyrus?
>> > >
>> > >thank you
>> > >thierry
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >>From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
>> > >>To: "Thierry Black" <thierryblack@hotmail.com>,
>> > >><freebsd-questions@FreeBSD.ORG>
>> > >>Subject: RE: SirCam virus
>> > >>Date: Sun, 22 Jul 2001 23:41:26 -0700
>> > >>MIME-Version: 1.0
>> > >>
>> > >>Actually this virus is an easy one to block.  According to the
>> > >>advisory there is always one of the following strings:
>> > >>
>> > >>"Hi! How are you?"
>> > >>
>> > >>"I send you this file in order to have your advice"
>> > >>
>> > >>So all you need to do is replace the local delivery agent with
>> > >>Procmail and write a procmail recipe to filter out messages
>> > >>containing either of those strings.  I did a column on this a
>> > >>while ago it's here:
>> > >>
>> > >>http://www.computerbits.com/archive/1998/1000/lan9810.html
>> > >>
>> > >>   You really ought to be doing this for your spamfiltering anyway.
>> > >>
>> > >>Ted Mittelstaedt                     tedm@toybox.placo.com
>> > >>Author of:                           The FreeBSD Corporate Networker's Guide
>> > >>Book website:                        http://www.freebsd-corp-net-guide.com
>> > >>
>> > >>
>> > >> >-----Original Message-----
>> > >> >From: owner-freebsd-questions@FreeBSD.ORG
>> > >> >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Thierry Black
>> > >> >Sent: Sunday, July 22, 2001 9:32 PM
>> > >> >To: freebsd-questions@FreeBSD.ORG
>> > >> >Subject: SirCam virus
>> > >> >
>> > >> >
>> > >> >Hello again! My server has received copies of this "SirCam" virus notified
>> > >> >at www.symantec.com. We are using sendmail, and cyrus for delivery. How can
>> > >> >I put a rule to block the messages? The subject, sender, attachment name,
>> > >> >and headers are all random (taken from the virus victim's email). The only
>> > >> >common things are in the body. The messages start with "Hi! How are you?"
>> > >> >and end with "See you later. Thanks".
>> > >> >
>> > >> >I need to block these messages from being sent to or from our email server.
>> > >> >I have heard of procmail, but I don't know how to use it with sendmail 8.9.3
>> > >> >and cyrus.
>> > >> >
>> > >> >
>> > >> >_________________________________________________________________
>> > >> >Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
>> > >> >
>> > >> >
>> > >> >To Unsubscribe: send mail to majordomo@FreeBSD.org
>> > >> >with "unsubscribe freebsd-questions" in the body of the message
>> > >> >
>> > >>
>> > >
>> > >
>> > >
>> >
>> >
>> >
>>
>>--
>>Louis LeBlanc       leblanc@acadia.ne.mediaone.net
>>Fully Funded Hobbyist, KeySlapper Extrordinaire :)
>>http://acadia.ne.mediaone.net
>>
>>QOTD:
>>   "Sure, I turned down a drink once.  Didn't understand the question."
>>
>>
>>
>
>
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
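
The body check discussed in this thread, sketched as a stand-alone Python filter (an added example, not code from the thread, from procmail or from Cyrus; the function names and sample messages are constructed for illustration). It decodes every text part and collapses whitespace before matching, so a base64-encoded body or a marker wrapped across lines is still caught where a match on the raw message text would miss it.

```python
import sys
from email import message_from_bytes, policy
from email.message import EmailMessage

# Marker strings quoted in the thread above.
MARKERS = (
    "Hi! How are you?",
    "I send you this file in order to have your advice",
)

def decoded_body(raw: bytes) -> str:
    """Return all non-attachment text parts, transfer-decoded, whitespace-normalized."""
    msg = message_from_bytes(raw, policy=policy.default)
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text" or part.is_attachment():
            continue
        try:
            chunks.append(part.get_content())
        except (LookupError, UnicodeError):
            # Unknown or broken charset: undo the transfer encoding only.
            chunks.append((part.get_payload(decode=True) or b"").decode("latin-1"))
    # Collapse line wraps and runs of spaces so a folded phrase still matches.
    return " ".join(" ".join(chunks).split())

def matched_markers(raw: bytes) -> list:
    """List the marker strings present in the decoded body, in MARKERS order."""
    body = decoded_body(raw)
    return [m for m in MARKERS if m in body]

def constructed_sample(body: str, cte: str = "7bit") -> bytes:
    """Build a constructed test message with one dummy attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(body, cte=cte)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename="sample.bin")
    return m.as_bytes()

if __name__ == "__main__":
    # Exit 0 when a marker is present so a calling filter can branch on the status.
    sys.exit(0 if matched_markers(sys.stdin.buffer.read()) else 1)
```

Both markers are ordinary phrases, so matches are better routed to a quarantine folder for review than discarded outright.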



