Date: Wed, 20 Jun 2001 19:29:25 -0400 (EDT) From: "Bruce M. Walker" <bmw@borderware.com> To: "Fernando P . Schapachnik" <fschapachnik@vianetworks.com.ar> Cc: Erick Mechler <emechler@techometer.net>, faSty <fasty@i-sphere.com>, freebsd-security@FreeBSD.ORG Subject: Re: need help filter this stupid virus. Sendmail didnt stop this. Message-ID: <200106202329.f5KNTPm07958@fusion.borderware.com> In-Reply-To: <20010620194713.A18467@ns1.via-net-works.net.ar> from "Fernando P . Schapachnik" at "Jun 20, 2001 07:47:13 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Fernando P . Schapachnik wrote:
> [somebody previously wrote...]
> >
> > You don't need the from. For example, try this:
Actually, you *do*. See below...
> > [emechler@lucifer ~]$ cat /etc/mail/access
> > hahaha@sexyfun.net REJECT
>
> It won't work, as the virus uses hahaha@sexyfun.net INSIDE the
> message itself and sendmail checks the From field from the envelope,
> which in this case is probably <> (empty).
That's correct.
However, new sendmails can specify header checks. For example, if you
are running FreeBSD 4.3 read /usr/share/sendmail/cf/README and check
around line 1859.
This syntax is supposed to match mail-header From: (or To:) lines...
From:spammer@some.dom REJECT
To:friend.domain RELAY
Don't forget to hash the map file after editing /etc/mail/access !
You should be able to simply say "make" in that folder. Or,
makemap hash /etc/mail/access < /etc/mail/access
> I was about to report it as a bug to sendmail a few days ago, but
> then I thought there might be some option to change that behavior or
> some valid reason for sendmail to accept a empty mail from:
There are two very compelling reasons to accept empty envelope-from:
1. mailers send bounce and other internally-created error messages
with an empty envelope-from. If you don't accept them, you
will confuse users who will not see bounces.
2. the RFCs say so. See RFC2821 (and RFC821).
Cheers!
-bmw
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106202329.f5KNTPm07958>