[Mailman-Users] Help stopping Virus sent to lists "from" my domain

Jamie Penman-Smithson jamie at silverdream.org
Thu Mar 11 18:59:49 CET 2004


On Thu, 2004-03-11 at 17:28, Caleb Epstein wrote:
> On Thu, Mar 11, 2004 at 11:59:50AM -0500, Caleb Epstein wrote:
> 	OK, I've found out a little bit more about the exploit.  The
> 	message is sent with an envelope-from (I think thats the right
> 	term) of an actual list subscriber, one who has permission to
> 	post to the list, but the From: header is one of these made-up
> 	official addresss:
<snip>
> 	Any suggestions on how to catch this forgery?

This type of forgery is usually best handled at the MTA level, I've
setup Postfix to reject mail which appears to originate locally, but is
being received from somewhere else, You don't say what MTA you're using,
but I'm sure there is similar functionality available.

Secondly, all mail to my lists is first sent to a content filter (in my
case, amavis-new) for analysis, which uses SA/clamd to catch most spam
and virii, which means that such mail is stopped before it ever reaches
Mailman.

HTH

-j

-- 
-jamie <jamie at silverdream.org> | spamtrap: spam at silverdream.org
 w: http://silverdream.org | p: sms at silverdream.org
 pgp key @ http://silverdream.org/~jps/pub.key
 17:30:01 up 8 days,  2:50, 11 users,  load average: 1.11, 0.90, 0.70
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mail.python.org/pipermail/mailman-users/attachments/20040311/c63ae369/attachment.pgp 


More information about the Mailman-Users mailing list