Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Configuring Sendmail To Stop .xxx Files

Status
Not open for further replies.
Pendulum

Pendulum

IS-IT--Management
Sep 20, 2003
2
US
I am sure ya'all are aware of the massive flood of "Microsoft" Patch emails that are being sent. I have, in the past 36 hours, received almost 1000 of them to my Sendmail Server.
I am somewhat a step above a newbie, but trying to configure MailScanner or MIMEDefang to block these emails has shown me how ignorant I am. Unfortuanatly, I don't have the time to learn in depth about Sendmail confiurations. I just really want to stop all these emails with .exe attachments.
Can someone show me a quick and easy way to do this?

Any assistance would be greatly appreciated.
 
Sort by date Sort by votes
Why not have your LDA do the work instead of configuring MIMEDefang ?
Possible scenario:
Use Procmail and then drop a .procmailrc recipe into each users home dir or use a global .procmailrc recipe.

In the example below procmail will check for a particular extension on incomming mail and if a match happens it will route the mail /dev/null or where ever you direct it to.

FORMAIL=/usr/bin/formail
SENDMAIL=/usr/sbin/sendmail
SHELL=/bin/sh
MAILDIR=/var/spool/mail/userX

### Check for multipart header
:0 H
* ^Content-Type: multipart
# check body for executable filenames
{
:0 B
* .*\/name=.*\.(pif|scr|vbs)(")?(\ *|\t*)$
/dev/null
}


There is no God, only 10001010
 
Upvote 0 Downvote
Thanx for the code. It sounds like EXACTLY what I am looking for.

Quick question though. If I want to make this global, where do I stick the .procmailrc ???

Thanx again. Much appreciated...


 
Upvote 0 Downvote
Procmail will go to /etc/procmailrc first and then to the users home dir$.


There is no God, only 10001010
 
Upvote 0 Downvote
Pendulum,

If you have MailScanner setup and running, then it's pretty trivial to do, just look under the "Attachment Filename Checking" section of MailScanner.conf.

If you don't have MailScanner running, I'd suggest trying to spend the time getting it up. I'm running on a RH 8.0 server and just used the RPM. I also installed CLAM Antivirus (which filters most of the big viruses like Klez or Gibe.F) and SpamAssassin. MailScanner makes running these extra apps extremely easy.

I'd be glad you give you more information on it.

Bluecrack
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Mikheil
  • Locked
  • Question
SMF Forum - sendmail not working
Replies
0
Views
3K
Mikheil
Mikheil
kitaman
  • Locked
  • Question
sendmail -bv
Replies
0
Views
3K
kitaman
kitaman
gwak1193
  • Locked
  • Question
sendmail smarthost
Replies
0
Views
2K
gwak1193
gwak1193
cndgk
  • Locked
  • Question
What might cause local-originated (submit.cf?) mail not to show up in syslog,but incoming mail does?
Replies
0
Views
3K
cndgk
cndgk
lolodirezo
  • Locked
  • Question
detect unused sendmail mailboxes in order to delete these boxes
Replies
0
Views
2K
lolodirezo
lolodirezo

Part and Inventory Search

Sponsor

Back
Top