On Monday 02 June 2003 04:14, Daryl Hunt wrote:True, Klez is a hard one to track down. Perhaps a better solution would be to allow the virus scanner to do its job.
----- Original Message ----- From: "Thomas E. Dukes" <[EMAIL PROTECTED]> To: "[EMAIL PROTECTED] Com" <[EMAIL PROTECTED]> Sent: Sunday, June 01, 2003 7:36 PM Subject: Creating blacklist
I keep getting email virii (sp) sent to me from from a particular domain. This has gone on for a couple months now. I have notified these people but they can't or won't stop. Thankfully, I use mailscanner and f-prot which catches everything (so far). It's the Klez virus.
I also use spamassassin. I tried putting their domain in
/etc/mail/access as REJECT and creating a new /etc/mail/access.db It still comes through. I'm tired of seeing this crap. How can I
make a blacklist of my own site-wide. I see how to do it in each
user home directory but I want the whole site to reject mail from
that domain.
Do I make a file /etc/mail/spamassassin/user_prefs or do I add the blacklist_from to /etc/mail/spamassassin/local.cf?
TIA
I'm trying to figure out what spamassassin has to do with this. Any mail addresses you find in a Klez originated message, except yours, has been spoofed by the virus so adding these addresses to a blacklist will do nothing except possibly blacklist your friends, neighbors, and other innocent victims.
You can also pull from the header the IP of the server the email came from (if you haven't already done so)--this is more difficult (if not impossible) to spoof. With this, you can contact that server's admin and make them aware of the situation--giving them a chance to resolve the problem. They should be able to track down the client sending the email if they keep good logs.
If the problem persists you could then blacklist them but only as a last resort. Most "lagit" admins will work to resolve the problem so as to avoid disrupting service for their customers.
-- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
