Date:      Wed, 20 Jun 2001 16:53:35 -0700
From:      faSty <fasty@i-sphere.com>
To:        "Bruce M. Walker" <bmw@borderware.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: need help filter this stupid virus. Sendmail didnt stop this.
Message-ID:  <20010620165335.C20771@i-sphere.com>
In-Reply-To: <200106202329.f5KNTPm07958@fusion.borderware.com>; from bmw@borderware.com on Wed, Jun 20, 2001 at 07:29:25PM -0400
References:  <20010620194713.A18467@ns1.via-net-works.net.ar> <200106202329.f5KNTPm07958@fusion.borderware.com>

I did use "From:hahaha@sexyfun.net" and it still fails to reject it.

-trev


On Wed, Jun 20, 2001 at 07:29:25PM -0400, Bruce M. Walker wrote:
> Fernando P . Schapachnik wrote:
> > [somebody previously wrote...]
> > >
> > > You don't need the from.  For example, try this:
> 
> Actually, you *do*.  See below...
> 
> 
> > > [emechler@lucifer ~]$ cat /etc/mail/access
> > > hahaha@sexyfun.net	REJECT
> > 
> > It won't work, as the virus uses hahaha@sexyfun.net INSIDE the
> > message itself and sendmail checks the From field from the envelope,
> > which in this case is probably <> (empty).
>  
> That's correct.
> 
> However, new sendmails can specify header checks.  For example, if you
> are running FreeBSD 4.3 read /usr/share/sendmail/cf/README and check
> around line 1859.
> 
> This syntax is supposed to match mail-header From: (or To:) lines...
> 
>   From:spammer@some.dom   REJECT
>   To:friend.domain        RELAY
> 
> 
> Don't forget to hash the map file after editing /etc/mail/access !
> You should be able to simply say "make" in that folder.  Or,
> 
>   makemap hash /etc/mail/access < /etc/mail/access
> 
> 
> > I was about to report it as a bug to sendmail a few days ago, but
> > then I thought there might be some option to change that behavior or
> > some valid reason for sendmail to accept a empty mail from:
> 
> There are two very compelling reasons to accept empty envelope-from:
> 
>   1. mailers send bounce and other internally-created error messages
>      with an empty envelope-from.  If you don't accept them, you
>      will confuse users who will not see bounces.
> 
>   2. the RFCs say so.  See RFC2821 (and RFC821).
> 
> 
> Cheers!
> 
> -bmw
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
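
The envelope-versus-header distinction discussed in this thread, as an added example that is not part of the original messages and is not sendmail's code: a simplified Python model in which an envelope-only lookup passes a message whose blocked address appears only in the From: header, while a header check catches it. The sample message, the `BLOCKED` set and all function names are constructed for illustration.

```python
# Added illustration: a simplified model of the two checks, not sendmail's logic.
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: null envelope sender, blocked address only in the header.
SAMPLE_ENVELOPE_FROM = "<>"
SAMPLE_MESSAGE = (
    "From: Hahaha <hahaha@sexyfun.net>\n"
    "To: user@example.org\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)
BLOCKED = {"hahaha@sexyfun.net"}  # address quoted in the thread


def envelope_sender(mail_from):
    """Return the lowercased address from a MAIL FROM argument; '' for <>."""
    return mail_from.strip().strip("<>").lower()


def header_sender(raw_message):
    """Return the lowercased addr-spec from the message's From: header."""
    msg = message_from_string(raw_message)
    return parseaddr(msg.get("From", ""))[1].lower()


def verdict(mail_from, raw_message, check_header):
    """Return 'REJECT' or 'OK' for one message.

    The envelope check always runs; the header check only when enabled.
    A null envelope sender is never rejected on its own, because bounces
    and other mailer-generated error messages use it.
    """
    env = envelope_sender(mail_from)
    if env and env in BLOCKED:
        return "REJECT"
    if check_header and header_sender(raw_message) in BLOCKED:
        return "REJECT"
    return "OK"


if __name__ == "__main__":
    for check_header in (False, True):
        result = verdict(SAMPLE_ENVELOPE_FROM, SAMPLE_MESSAGE, check_header)
        print(f"header check enabled={check_header}: {result}")
```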
