
Re: [cobalt-users] Getting Mail Bombed!



----- Original Message -----
From: "Colin J. Raven" <cjraven@xxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Monday, July 23, 2001 4:49 PM
Subject: RE: [cobalt-users] Getting Mail Bombed!


> There must be one assumption here and that is that the mail server is Linux
> (or some Unix variant) so therefore this can be handled with *relative*
> ease.
>
> Try this little number in your global /etc/procmailrc accompanied by a small
> shell script (at the foot of this email) to clean up the mess in
> /home/crapper every so often
>
>
> ####################cut below this line###################
> # purpose
> # recipe mangles attachments of filename type defined, converts them into
> # files called "1.txt" and moves the email into the crapper (/home/crapper)
> # It's easy to add an autoresponder to this if you want to automagically tell
> # someone they sent you a nastygram and they should clean their system PDQ
> # customization
> # This recipe can be extended almost limitlessly if you wish to define new
> # filenames. For example, if you wish to add ".bat" (and that might
> # be a "Good Thing" ©) add the filename into the filename line, preceded
> # by a pipe "|" so in this case:
> #  *filename=".*\.(vbs|wsf|eml|shs|exe|nws|chm|pif|vbe|hta|scr)"
> # becomes:
> # *filename=".*\.(vbs|wsf|eml|shs|exe|nws|chm|pif|vbe|hta|scr|bat)"
> #Then build your regexp:
> #'s/\([nN][aA][mM][eE]=".*\.[bB][aA][tT]\)"/\1.txt"/' \
> #                     -e \
> #and you're good to go with a new filetype!
>
> :0
> *^Content-type: (multipart/mixed|application/octet-stream)
> {
>     :0 HB
>     *^Content-Disposition: (attachment|inline);
>     *filename=".*\.(vbs|wsf|eml|shs|exe|nws|chm|pif|vbe|hta|scr)"
>     {
>        SHELL=/bin/bash
>        :0 fhbw
>        |/bin/sed -e \
> 's/\([nN][aA][mM][eE]=".*\.[vV][bB][sS]\)"/\1.txt"/' \
>                      -e \
> 's/\([nN][aA][mM][eE]=".*\.[wW][sS][fF]\)"/\1.txt"/' \
>                      -e \
> 's/\([nN][aA][mM][eE]=".*\.[eE][mM][lL]\)"/\1.txt"/' \
>                      -e \
> 's/\([nN][aA][mM][eE]=".*\.[nN][wW][sS]\)"/\1.txt"/' \
>                      -e \
> 's/\([nN][aA][mM][eE]=".*\.[sS][hH][sS]\)"/\1.txt"/' \
>                      -e \
> 's/\([nN][aA][mM][eE]=".*\.[eE][xX][eE]\)"/\1.not"/' \
>                      -e \
> 's/\([nN][aA][mM][eE]=".*\.[cC][hH][mM]\)"/\1.txt"/' \
>                      -e \
> 's/\([nN][aA][mM][eE]=".*\.[pP][iI][fF]\)"/\1.txt"/' \
>                      -e \
> 's/\([nN][aA][mM][eE]=".*\.[hH][tT][aA]\)"/\1.txt"/' \
>                      -e \
> 's/\([nN][aA][mM][eE]=".*\.[vV][bB][eE]\)"/\1.txt"/' \
>                      -e \
> 's/\([nN][aA][mM][eE]=".*\.[sS][cC][rR]\)"/\1.txt"/'
>
>        :0:crapper.lock
>        /home/crapper
>     }
> }
>
> Next, add a cron job to "flush the crapper"  I flush mine every 4 days or so
> (I know...I know it's not terribly hygienic but WTF) :-) :-) this is best
> accomplished with a quick homebrewed shell script unimaginatively named
> "flush.sh" and consisting of the following:
>
> #!/bin/sh
> # Periodically flush files older than x days (one day in this example)
>
> find /home/crapper -type f -ctime +1 -exec rm -f {} \;
>
> [HTH] Hope This Helps (someone)
> Regards to all,
> -Colin
> --
> Colin J. Raven


hehehe,

I suppose that you may want to retrieve the misdirected toy sent by a
"child" using a computer.
I would rather have 2 things happen.  A list of infected email sources is
kept and, if desired, trimmed every 3 days or so.  As each item is noted and
filtered, it goes directly to /dev/null and a reply email is sent to the
originating source as determined by the replyto and from header. To minimize
the possibility of "spamming" the ignorant sender, the outgoing email is
filtered against the list created as emails are sent out, allowing 1
message per calendar day per from and replyto.

I am not the one to write such a script, I have buddies to help me with
these things (yes I am learning this stuff), but I think this allows a
couple of things to happen.
1) In case of a real bad bombing, the /dev/crapper folder will not fill up
and cause space issues on the drive.
2) the sender of a mail that was just purged as possible spam will be
informed of the fact that mail sent may be infected and has been destroyed
automagically.


I just ran across another public press news story on sircam.  A short snip
from the article may be of interest...
http://www.crn.com/components/Nl/direct/article.asp?ArticleID=28470

Although SirCam comes with randomly selected file names, it carries similar
text in either English or Spanish. In English, the message begins: "Hi! How
are you?" It may then have one of four different lines, including, "I send
you this file in order to have your advice."

The thought here is a true sircam virus has a limited number of body text
strings to search for.  Now it is possible that filtering for the same body
string may cause a valid email to be destroyed, hence the notion of
/dev/crapper is useful.

Ohh, I just thought, be careful of filtering client mailboxes! Bad Idea
unless they seek you out to do such a thing.  It is a far better thing to
have a mailbox size limit of reasonable size.

Good luck.
Bill
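
The once-per-calendar-day notification list described in the reply above, as an added example that is not part of the original thread and is not code from either poster. The function names, the "date address" ledger file format, and the loop guards (skipping `Auto-Submitted`, `Precedence: bulk/junk/list` and mailer-daemon senders) are assumptions added here; the sample message is constructed.

```python
import datetime
import email
from email.utils import getaddresses

# Constructed sample message (not taken from the thread).
SAMPLE = (
    'From: "Some User" <User@Example.ORG>\n'
    "Reply-To: user-home@example.net\n"
    "Subject: report\n\n"
    "Hi! How are you?\n"
)

def notice_targets(raw):
    """Lowercased From/Reply-To addresses, or [] when replying is unsafe."""
    msg = email.message_from_string(raw)
    # Never answer automated or list mail; that is how reply loops start.
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return []
    if msg.get("Precedence", "").strip().lower() in ("bulk", "junk", "list"):
        return []
    headers = msg.get_all("Reply-To", []) + msg.get_all("From", [])
    addrs = {a.lower() for _, a in getaddresses(headers) if "@" in a}
    return sorted(a for a in addrs if not a.startswith("mailer-daemon@"))

def should_notify(ledger, raw, today):
    """Return addresses not yet notified today and record them in ledger."""
    day = today.isoformat()
    targets = [a for a in notice_targets(raw) if (day, a) not in ledger]
    ledger.update((day, a) for a in targets)
    return targets

def trim(ledger, today, keep_days=3):
    """Drop entries older than keep_days so the list cannot grow forever."""
    cutoff = (today - datetime.timedelta(days=keep_days)).isoformat()
    ledger.difference_update({e for e in ledger if e[0] < cutoff})

def load(path):
    """Read a ledger file of 'date address' lines; missing file = empty."""
    try:
        with open(path) as fh:
            return {tuple(line.split()) for line in fh if line.strip()}
    except FileNotFoundError:
        return set()

def save(path, ledger):
    with open(path, "w") as fh:
        fh.writelines(f"{d} {a}\n" for d, a in sorted(ledger))
```

Because several deliveries can run at once, the load/check/save sequence needs to run under a lock, such as the local lockfile style the recipe above already uses for /home/crapper.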