Re: mymail worm
From: Wayne Topa (brittman_at_capital.net)
Date: 02/05/04
- Previous message: Adam Aube: "Re: debian sucks aka i cant get it to install"
- In reply to: Brian Potkin: "Re: mymail worm"
- Next in thread: Brian Potkin: "Re: mymail worm"
- Reply: Brian Potkin: "Re: mymail worm"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 4 Feb 2004 20:24:52 -0500 To: debian-user@lists.debian.org
Brian Potkin(brian@copernicus.demon.co.uk) is reported to have said:
> On Wed, Feb 04, 2004 at 02:10:55PM +0000, Pigeon wrote:
>
> > On Wed, Feb 04, 2004 at 01:59:32AM +0000, Antony Gelberg wrote:
>
> [Snip]
>
> > > Anyone have a similar rule to nuke this new mymail worm? I have some
> > > samples if anyone can tell me how to analyse them to paste the correct
> > > thing in the BD line.
> >
> > This beastie doesn't set the Message-Id: header. I find I can zap it
> > quite happily by looking for Message-Id: headers that have been added
> > by my ISP's mail relay; the following mailfilter rule works:
> >
> > DENY=^Message-Id:.*<.*@store[0-9]\.mail\.uk\.easynet\.net>
> >
> > ...adjust to fit your ISP's relay and translate to procmailese.
>
> I use an identical rule in my mailfilterrc, or did until five minutes
> ago. Its now commented out.
>
> Its usefulness in deleting spam and mail associated with the mymail worm
> before downloading it has been offset by the deletion of a small number
> of legitimate mails, including one a few minutes ago. The originating
> mail server should have added a Message-Id but for some reason some
> don't. Effective the rule might have been but I'd rather not lose mail.
>
So use the rule with SCORE instead of DENY. If it's ligit mail other
score rules will let it pass.
I have yet to see any ligit mail get through (and I check daily) in
well over 3 months of use.
Wayne
-- Any programming language is at its best before it is implemented and used. _______________________________________________________ -- To UNSUBSCRIBE, email to debian-user-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
- Previous message: Adam Aube: "Re: debian sucks aka i cant get it to install"
- In reply to: Brian Potkin: "Re: mymail worm"
- Next in thread: Brian Potkin: "Re: mymail worm"
- Reply: Brian Potkin: "Re: mymail worm"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
