Re: [cobalt-users] How to de-queue mail? Sobig virus message
- Subject: Re: [cobalt-users] How to de-queue mail? Sobig virus message
- From: Larry Smith <lesmith@xxxxxxxxx>
- Date: Wed Jan 15 13:01:00 2003
- Organization: ECSIS.NET
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
On Wednesday 15 January 2003 01:49 pm, Glenn Parsons wrote:
> I run (send)mail on a Cobalt RaQ3. I am repeatedly receiving unable to
> deliver messages from sendmail on my mail server since someone sent the
> sobig virus to one of my users. The MailScanner caught it, but it is still
> trying to send to big@xxxxxxxxx
>
> What is the best method to deal with this. I can see the process for the
> message:

Glenn,

This is a two-way street - meaning I deal with it from two directions.

First, I create an access entry (/etc/mail/access) that denies "big@xxxxxxxx"
for virus content;

Second, I create an "alias" for "big@xxxxxxxx" (/etc/mail/aliases) that
redirects that email to "/dev/null" (bit bucket) so that if any [more] get
through the server will simply throw them away.

I also have several addresses in the alias file that are "guaranteed" to fail
(and hence go to postmaster) to catch some of the trojan horse messages that
get sent back to the "owner" (of the trojan that is). My intent being to
catch these first and let my customer know they have been breached before
someone else gets their username/password and such...

EG: mail-gerant.com, fairesuivre.com, ml1.net and sergio52@xxxxxxx for
just a few I "know" trojan information is sent to....

--
Larry Smith
SysAd ECSIS.NET
sysad@xxxxxxxxx
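
Added example, not part of the original post: a shell sketch of the two entries described in the message above, written so that re-running it does not duplicate lines. The address bad@example.invalid, the function names and the reject text are assumptions; the archive redacts the real address.

```shell
#!/bin/sh
# Added example (not from the post). bad@example.invalid is a placeholder.

# add_line FILE LINE: append LINE to FILE unless an identical line exists.
add_line() {
    grep -qxF -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

# block_and_sink ADDRESS [ACCESS_FILE] [ALIASES_FILE]
# Writes the access deny entry and the /dev/null alias for ADDRESS.
block_and_sink() {
    addr=$1
    access=${2:-/etc/mail/access}
    aliases=${3:-/etc/mail/aliases}

    # Refuse anything that could break the one-entry-per-line file formats.
    case $addr in
        *[[:space:]:]*|*@*@*) echo "bad address: $addr" >&2; return 2 ;;
        ?*@?*) ;;
        *) echo "usage: block_and_sink user@domain" >&2; return 2 ;;
    esac
    user=${addr%@*}

    # access map: key, whitespace, action. "550 text" becomes the SMTP reply.
    # An untagged key is checked against recipients only if sendmail.cf was
    # built with FEATURE(`blacklist_recipients').
    add_line "$access" "$(printf '%s\t550 Virus content refused' "$addr")"

    # aliases are keyed on the local part and apply only to domains this
    # sendmail treats as local; delivery to /dev/null discards the message.
    add_line "$aliases" "$user: /dev/null"
}

# rebuild_maps: compile both files so sendmail sees the changes (run as root).
rebuild_maps() {
    makemap hash /etc/mail/access < /etc/mail/access && newaliases
}
```

Call `block_and_sink` with the address, then `rebuild_maps`; the text files alone have no effect until the maps are rebuilt.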