Re: [suse-security] Fwd: Undelivered Mail Returned to Sender
On Fri, 2004-06-04 at 11:23, Arjen de Korte wrote:
> As a side note, it is easy to drop this particular virus by using the Postfix
> 'smtpd_helo_restrictions' to drop all hosts claiming to be from within your
> own domain, which you know, are not.
smtpd_delay_reject = no
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = no
Couple of lines out of my postfix main.cf file.
These lines alone have stopped almost 60% of inbound SPAM attempts, as
well as reducing virus threats by huge percentages.
I tried the strict_rfc821_envelopes = yes, but found that so many MTAs
are configured poorly that too much legitimate mail was bouncing :(
That's Postfix, lightweight, simple to configure, and flexible.
> ---------- Forwarded Message ----------
> Subject: Undelivered Mail Returned to Sender
> Date: Friday 04 June 2004 10:20
> From: MAILER-DAEMON@xxxxxxx (Mail Delivery System)
> To: suse-security@xxxxxxxxxxxx
> This is the Postfix program at host hermes.suse.de.
> I'm sorry to have to inform you that the message returned
> below could not be delivered to one or more destinations.
> For further assistance, please send mail to <postmaster>
> If you do so, please include this problem report. You can
> delete your own text from the message returned below.
> The Postfix program
> <25866@xxxxxxx>: unknown user: "25866"
> Encapsulated message
> Received: from scanhost.suse.de (scanhost.suse.de [10.0.0.5])
> by hermes.suse.de (Postfix) with ESMTP id 85C238C9D
> for <25866@xxxxxxx>; Fri, 4 Jun 2004 10:20:20 +0200 (CEST)
> Received: by scanhost.suse.de (Postfix, from userid 0)
> id 7B27951E5F; Fri, 4 Jun 2004 10:20:20 +0200 (CEST)
> Delivered-To: virus-quarantine
> X-Quarantine-id: <virus-20040604-101415-03775-17>
> Received: from Cantor.suse.de (cantor.suse.de [126.96.36.199]) (using TLSv1
> with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate
> by hermes.suse.de (Postfix) with ESMTP id 953E669115
> for <25866@xxxxxxx>; Fri, 4 Jun 2004 10:13:46 +0200 (CEST)
> Received: from suse.de (pD951F606.dip.t-dialin.net [188.8.131.52])
> by Cantor.suse.de (Postfix) with ESMTP id 4B95668F3BE
> for <25866@xxxxxxx>; Fri, 4 Jun 2004 10:13:32 +0200 (CEST)
> From: suse-security@xxxxxxxxxxxx
> To: 25866@xxxxxxx
> Subject: Re: Your music
> Date: Fri, 4 Jun 2004 10:26:56 +0200
> MIME-Version: 1.0
> Content-Type: text/plain; charset="us-ascii"
> Message-Id: <20040604081332.4B95668F3BE@xxxxxxxxxxxxxx>
> X-AMaViS-Alert: INFECTED, message contains virus: Worm.SomeFool.Gen-1
> X-Converted-To-Plain-Text: from multipart/mixed by demime 1.1d
> X-Converted-To-Plain-Text: Alternative section used was text/plain
> Please have a look at the attached file.
> [the SUSE virus scanner removed an attachment of type application/octet-stream
> which had a name of mp3music.pif]
> [if you need the message in its original form including all attachments,
> please ask the SENDER for a version free of viruses]
> End of encapsulated message
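
Added example (not part of the original thread, and not Postfix code): a Python check for the condition Arjen describes, run after the fact over Received: headers like those in the forwarded bounce, where the HELO name is the local domain but the connecting client resolves to a dial-up host. The domain example.org, the sample headers and the function names are constructed for illustration.

```python
import re
from email import message_from_string

LOCAL_DOMAIN = "example.org"  # assumption: the domain this MX is responsible for

# Constructed sample, modelled on the Received: layout of the bounce quoted above.
SAMPLE = """\
Received: from mx1.example.org (mx1.example.org [192.0.2.10])
\tby hermes.example.org (Postfix) with ESMTP id 953E669115
\tfor <user@example.org>; Fri, 4 Jun 2004 10:13:46 +0200 (CEST)
Received: from example.org (pD951F606.dip.dialup.example.net [203.0.113.6])
\tby mx1.example.org (Postfix) with ESMTP id 4B95668F3BE
\tfor <user@example.org>; Fri, 4 Jun 2004 10:13:32 +0200 (CEST)
From: list@example.org
Subject: Re: Your music

Please have a look at the attached file.
"""

# Postfix writes: from <HELO name> (<reverse DNS name or "unknown"> [<client IP>])
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)")


def in_domain(host, domain):
    """True if host is the domain itself or a name below it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def forged_helo_hops(raw_message, domain=LOCAL_DOMAIN):
    """Return (helo, rdns, ip) for every hop whose HELO claims our domain
    while the client's reverse DNS name lies outside it."""
    hits = []
    msg = message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        # Unfold the header before matching; continuation lines start with a tab.
        m = RECEIVED_RE.search(" ".join(header.split()))
        if not m:
            continue  # "Received: by ..." local hops carry no HELO name
        helo, rdns, ip = m.groups()
        if in_domain(helo, domain) and not in_domain(rdns, domain):
            hits.append((helo, rdns, ip))
    return hits


if __name__ == "__main__":
    for helo, rdns, ip in forged_helo_hops(SAMPLE):
        print(f"HELO {helo} from {rdns} [{ip}]: claims the local domain")
```
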