Worm cure: Has anyone tried the Sanitizer yet?



www.borchi.de
07.10.03, 20:47
Take a look here: http://www.impsec.org/email-tools/procmail-security.html

I installed the sanitizer (Debian package).

Configure it according to the instructions on the website and install the corresponding filters.

Then it sends the mails through procmail, sorts out a lot of them, and sends the sender a nice message saying they should check their system:

----------------------------------------------------------------------------
Subject: Re: Undeliverable Message: User unknown
From: "Procmail Security daemon" <postmaster@ww-clan.com>
Date: Tue, October 7, 2003 21:28
To: silvia.candiotto@tin.it
Priority: Normal
Options: View Full Header | View Printable Version | View Message details
----------------------------------------------------------------------------

*** SECURITY WARNING ***
Our email gateway has detected that your message to
<spitfire@ww-clan.com>
MAY contain hazardous embedded scripting or attachments,
or has been rejected by our site security policy for some other reason.
If you have a question, please reply to this notification message.

It is POSSIBLE that your message was infected by a virus.
You should make sure your virus signature file
is up-to-date and then rescan your computer,
especially if you do not remember sending this message.

If the macro scanner score is large yet your virus scanner reports
that the document is not infected, try saving it using a different
format (such as Rich Text - "RTF") that will remove all macros.

REPORT: Trapped swen variant worm -
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
REPORT: Not a document, or already poisoned by filename. Not scanned for macros.
STATUS: Message discarded, not delivered to recipient.

Headers from message:

> From silvia.candiotto@tin.it Tue Oct 07 21:28:31 2003
> Return-path: <silvia.candiotto@tin.it>
> Envelope-to: spitfire@ww-clan.com
> Delivery-date: Tue, 07 Oct 2003 21:28:31 +0200
> Received: from mail by noname.ww-clan.com with spam-scanned (Exim 3.36 #1 (Debian))
> id 1A6xVW-0000kM-00
> for <spitfire@ww-clan.com>; Tue, 07 Oct 2003 21:28:31 +0200
> Received: from natmx01.rzone.de ([81.169.145.162])
> by noname.ww-clan.com with esmtp (Exim 3.36 #1 (Debian))
> id 1A6xVW-0000kH-00
> for <spitfire@ww-clan.com>; Tue, 07 Oct 2003 21:28:30 +0200
> Received: from vsmtp4.tin.it (vsmtp4.tin.it [212.216.176.224])
> by mailin.webmailer.de (8.12.10/8.12.10) with ESMTP id h97JST6M028578
> for <christian@borchi.de>; Tue, 7 Oct 2003 21:28:29 +0200 (MEST)
> Received: from fqkqk (212.171.157.29) by vsmtp4.tin.it (7.0.019)
> id 3F7986AC004C25D1; Tue, 7 Oct 2003 21:18:11 +0200
> Date: Tue, 7 Oct 2003 21:18:11 +0200 (added by postmaster@virgilio.it)
> Message-ID: <3F7986AC004C25D1@vsmtp4.tin.it> (added by postmaster@virgilio.it)
> FROM: "" <qmailrobot@aol.com>
> TO: "inet recipient" <receiver@emaildomain.com>
> SUBJECT: Undeliverable Message: User unknown
> Mime-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="eaybtb"
> X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
> noname.ww-clan.com
> X-Spam-Level: ****
> X-Spam-Status: No, hits=4.2 required=5.0 tests=BAYES_44,HTML_MESSAGE,
> HTML_RELAYING_FRAME,MICROSOFT_EXECUTABLE,MIME_HTML_NO_CHARSET,
> MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MIME_SUSPECT_NAME,NO_REAL_NAME
> autolearn=no version=2.60
> X-Content-Security: [noname] NOTIFY
> X-Content-Security: [noname] DISCARD
> X-Content-Security: [noname] REPORT: Trapped swen variant worm -
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html


--
Message sanitized on noname
See http://www.impsec.org/email-tools/sanitizer-intro.html for details.

----------------------------------------------------------------------------

So I think this thing is good...
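
The quoted headers in a notification like the one above carry the sanitizer's verdict (`X-Content-Security`) and the SpamAssassin score. As an added example (not part of the original post and not code from the sanitizer project), this Python sketch pulls both out of the `> `-quoted header block and flags when the header From differs from the envelope sender. The sample input is constructed with placeholder addresses, and it assumes the quoting keeps the whitespace on continuation lines.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the quoted headers in the notification above;
# addresses and host name are placeholders, continuation lines are tab-indented.
QUOTED = (
    "> Return-path: <sender@example.org>\n"
    "> FROM: \"\" <robot@example.com>\n"
    "> X-Spam-Status: No, hits=4.2 required=5.0 tests=BAYES_44,HTML_MESSAGE,\n"
    "> \tMICROSOFT_EXECUTABLE,MIME_SUSPECT_NAME\n"
    "> \tautolearn=no version=2.60\n"
    "> X-Content-Security: [host] NOTIFY\n"
    "> X-Content-Security: [host] DISCARD\n"
    "> X-Content-Security: [host] REPORT: Trapped swen variant worm\n"
)

def unfold(value):
    """Collapse a folded (multi-line) header value onto one line."""
    return " ".join(value.split())

def summarize(quoted_headers):
    """Return sanitizer verdict and scanner score from '> '-quoted headers."""
    raw = re.sub(r"(?m)^> ?", "", quoted_headers)  # strip the quote prefix
    msg = message_from_string(raw + "\n")
    actions, reports = [], []
    for value in msg.get_all("X-Content-Security", []):
        m = re.match(r"\[[^\]]*\]\s+(\w+)(?::\s*(.*))?$", unfold(value))
        if m and m.group(1) == "REPORT":
            reports.append(m.group(2) or "")
        elif m:
            actions.append(m.group(1))
    spam = unfold(msg.get("X-Spam-Status", ""))
    hits = re.search(r"hits=(-?[\d.]+)", spam)
    need = re.search(r"required=(-?[\d.]+)", spam)
    tests = re.search(r"tests=(.*?)(?:\s+autolearn=|$)", spam)
    envelope = parseaddr(msg.get("Return-path", ""))[1].lower()
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    return {
        "actions": actions,
        "reports": reports,
        "spam_hits": float(hits.group(1)) if hits else None,
        "spam_required": float(need.group(1)) if need else None,
        "spam_tests": re.sub(r"\s+", "", tests.group(1)).split(",") if tests else [],
        # In the post, the notice went to the Return-path, not the header From.
        "sender_mismatch": bool(envelope and header_from and envelope != header_from),
    }
```

On the sample, the message scores below the SpamAssassin threshold while the sanitizer still records NOTIFY and DISCARD, which matches what the post shows.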