Date: Wed, 5 Dec 2001 21:42:26 -0800 From: Owner of many system processes <william@hq.newdream.net> To: freebsd-security@FreeBSD.ORG Subject: Re: (WOT) Re: the best edited picture ever Message-ID: <20011206054226.GA20863@hq.newdream.net> In-Reply-To: <Pine.BSF.3.96.1011206155044.11905C-100000@gaia.nimnet.asn.au> References: <20011206044206.GD12011@hq.newdream.net> <Pine.BSF.3.96.1011206155044.11905C-100000@gaia.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Ian Smith wrote: > > [on topic? I'd actually like to know what can be done with majordomo > to accomplish it; we're having just this problem with a list run from > here] well it looks like hub.freebsd.org is running postfix according to the smtp banner, so assuming no one at freebsd wants to receive this type of thing, it would be pretty trivial to block most (but not all) of this type of stuff with regex checks. this has the advantage of getting rid of this junk as early as possible. assuming pcre body_checks, something like this might work (this is just from the postfix-users list; i haven't tested it personally, but something like this should work). something similar could be done if POSIX regexes are used instead.... (sorry for the long line) /^(Content-Disposition: attachment;.*| Content-Type:.*|(\t|)+)(file)?name="?.*\.(lnk|hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|dll)"?$/ REJECT however this would apply to all mail coming into the server... (although god knows why anyone at freebsd.org would want to receive this type of attachment, especially not zipped or tarred /gzipped. obviously this would be up to whoever admins the freebsd mail servers... i haven't used majordomo, so i'm not sure how to do this specifically with that software. > I don't agree that these lists need the large overhead of moderation, > if a (hopefully) simple technical fix can drastically reduce the > volume of this crap in any and all freebsd lists - including stripping > HTML mail. hopefully so. who is 'officially' in charge of this list? perhaps they could let us know if anything can be done regarding this? -- William Yardley System Administrator, Newdream Network william@hq.newdream.net http://infinitejazz.net/will/pgp/gpg.asc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011206054226.GA20863>