Re: [Evolution] Is it just me?

[guenther <guenther rudersport de>]

> I run Postfix 2.1 and use pcre-regexp header/mime header checks (mime
> headers are actually in the message body). These check for (many)
> Microsoft extensions (exe, vbs, vba, pif, zip and lots of others) and
> reject (smtp 550) them. So my mail server refuses to receive them.
>
> I'm at present refusing 2-3 per day *claiming* to be from this list (my
> Postfix logs say so). The reason's long and involved, but I can't
> readily check whether this is "backscatter" (Wietse Venema word for
> false MAIL FROM:s) or whether they really do come from the Evo list.

Nope, this is not just you. There are some worms getting through this
list. Seems, there is at least one infected Micros~1 Windows machine
that has collected this lists email address and Jeffs...

(Yep, IIRC most of them forged Jeff as being the sender.)


I am glad subscribers to this list don't start long threads for any of
this worms. :-)  There are other lists, though...


> If they really are from the list, then shame on the maintainer. If they
> aren't, then my apologies to the maintainer, I can accept them and
> simply direct them to /dev/null instead.

Well, at least this list requires subscription. Otherwise we already
would have seen much more of them...

Blocking all attachments would be a very bad idea IMHO. Stripping those
infamous attachments would at least save bandwidth and protect anyone
reading this list with MS clients. Simply rejecting those mails would
actually keep the list clean but has another bad impact. [1]

Tony, as you are knowledgeable about this issues, any specific advice to
the list admins?

...guenther


[1]  Automatically generated reply messages as response to received
worms is not the solution for years...


-- 
char *t="\10pse\0r\0dtu\0  ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}