[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] sendmail rule to block relay for certain email addresses

Subject: RE: [cobalt-users] sendmail rule to block relay for certain email addresses
From: "Colin J. Raven" <cjraven@xxxxxxxxxxx>
Date: Wed Feb 14 08:34:00 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

<snip>
>
>I would also like to filter any incoming email with
>attachments that end in
>.vbs.
Try procmail, it is more effective than bogging down sendmail with a
bunch of extra rules. Procmail exists by default in all Qubes and RAQ's
I believe. man procmail for more info. You can begin however by simply
creating a file in etc (as root) called /etc/procmailrc (NOT
[dot]procmailrc, just plain procmailrc) and poulate it with systemm-wide
mail exclusion rules.
Stay tuned by the way, for something that will catch a double banger
like .jpg.vbs (like our now famous Anna Kornikova worm)I should be able
to post something to the list by tonight. I'm going to be on the road
all day today, but I'll put this on my todo list for this evening when I
get back.

Try these that live in my /etc/procmailrc, I have found them to be
extremely effective:

SHELL=/bin/sh
#Leave this *ON* if adding a new recipe or debugging
#something that is not working
VERBOSE=OFF
MAILDIR=/home/users/username/mail
LOGFILE=/home/users/username/procmail/log

:0:sexyfun.lock
* ^From: .*\<hahaha@sexyfun\.net\>
/home/users/username/mail/crapper

:0
*^Content-type: (multipart/mixed|application/octet-stream)
{
    :0 HB
    *^Content-Disposition: (attachment|inline);
    *filename=".*\.(vbs|wsf|shs|exe|chm|pif|vbe|hta|scr)"
    {
       SHELL=/bin/sh
       :0 fhbw
       |/usr/bin/sed -e \
's/\([nN][aA][mM][eE]=".*\.[vV][bB][sS]\)"/\1.txt"/' \
                     -e \
's/\([nN][aA][mM][eE]=".*\.[wW][sS][fF]\)"/\1.txt"/' \
                     -e \
's/\([nN][aA][mM][eE]=".*\.[sS][hH][sS]\)"/\1.txt"/' \
                     -e \
's/\([nN][aA][mM][eE]=".*\.[eE][xX][eE]\)"/\1.not"/' \
                     -e \
's/\([nN][aA][mM][eE]=".*\.[cC][hH][mM]\)"/\1.txt"/' \
                     -e \
's/\([nN][aA][mM][eE]=".*\.[pP][iI][fF]\)"/\1.txt"/' \
                     -e \
's/\([nN][aA][mM][eE]=".*\.[hH][tT][aA]\)"/\1.txt"/' \
                     -e \
's/\([nN][aA][mM][eE]=".*\.[vV][bB][eE]\)"/\1.txt"/' \
                     -e \
's/\([nN][aA][mM][eE]=".*\.[sS][cC][rR]\)"/\1.txt"/' \

       :0:
       /home/users/username/mail/crapper
    }

 }

:0
*^Content-type: (multipart/mixed|application/octet-stream)
{
   :0 HB
   *^Content-Disposition: attachment;
   *filename=".*\.(vbs|shs|wsf|vbe|wsh|hta|pif|exe|scr)"
   {
     :0 fhbw
     |/bin/sed -e 's/\([nN][aA][mM][eE]=".*\....\)"/\1.txt"/'
     :0:
     /home/users/username/mail/crapper
   }
}

Follow-Ups:
- Re: [cobalt-users] sendmail rule to block relay for certain email addresses
  - From: inc
- Re: [cobalt-users] sendmail rule to block relay for certain email addresses
  - From: Kevin D

References:
- [cobalt-users] sendmail rule to block relay for certain email addresses
  - From: Kevin D

Prev by Date: [cobalt-users] Re: cobalt-users digest, Vol 1 #2115 - 21 msgs
Next by Date: [cobalt-users] Amanda backup client
Previous by thread: [cobalt-users] sendmail rule to block relay for certain email addresses
Next by thread: Re: [cobalt-users] sendmail rule to block relay for certain email addresses

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index