Slashdot Mirror


Defending Your Mail Server?

soren42 asks: "I've been a casualty of war in the latest round of SoBig battles. Apparently, some of my users' e-mail addresses were in the address books of infected Outlook clients, and spam is now being circulated appearing to come from my domain. I'm getting almost 50 'Message Undeliverable' errors per hour, and I think I've been blacklisted from AOL and Earthlink. I know there are plenty of you having this problem - how are you dealing with it?" Email viruses, once urban legends, have now become a real threat to certain people. What active measures can users (both vulnerable and non-vulnerable to such things) take to lower the propagation rate of such viruses across the internet?

4 of 72 comments

  1. Fucking Spammers by Goo.cc · · Score: 3, Insightful

    The usefulness of E-Mail is slowly being destroyed by Spammers. There have been a few times now that I couldn't either send or receive an e-mail because of blackholes, and I get more spam every day. Is there anything new on the horizon to prevent spam? Laws, Filters, Blackholes, and Whitelists seem unable to do anything about this problem.

    Maybe we should just start suing the companies that use Spammers. (Some will deny knowledge of any spamming but ignorance of who is doing your advertising is no excuse IMO.)

  2. Re:I've got the same problem - can't fix from my e by Anonymous Coward · · Score: 1, Insightful

    Just set up filters based on the sobig subjects to delete them. No more messages.

  3. Re:Do not use Outlook, etc. by Matts · · Score: 5, Insightful

    This is a common misconception by geeks who are smug because they didn't get infected with Sobig.

    Sobig didn't use any exploits. It was just a plain old .EXE attached to an email. Outlook prompted the user when they tried to run it telling them that exes often contain viruses. But they still ran it.

    This behaviour is the same in Thunderbird and other Windows mail clients. It's even the same in Apple's Mail.app.

    Don't be a bigot and assume you're immune because you don't run Outlook.

    --

    Matt. Want XML + Apache + Stylesheets? Get AxKit.

  4. Re:Filters! - A Solution by Hyperbolix · · Score: 2, Insightful

    There is actually a way to block this kind of thing using procmail and a copy of a valid message sent by the user or some information from their mail program settings. Here is why:

    - The bounce back messages will always contain an SMTP status code like 5.1.1 (for user unknown).

    - If the message that caused the bounce back really originated from the user, then the bounce back message will contain the user's Display Name as set in his or her email program (often Outlook Express). The display name can also be found in the "From" line next to the real email address, if you only have a legit message from the user and don't have access to information from his or her settings.

    - If the message that caused the bounce back did not originate from the user, then that Display Name will not be present in the bounce back message.

    Therefore, if a user's Display Name is "Foo Bar", and their email address is not the same as the Display Name (for example farboo@some.place), the following procmail script will stop most bounce back messages triggered by messages that did not originate from the user's computer, and should allow those that did:

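    # File 5.1.1 bounces that do not contain the user's Display Name.
    # H and B: test headers and body; trailing colon: lock the mailbox file.
    :0 HB:
    * ^FROM_MAILER
    * Status: 5\.1\.1
    * ! Foo Bar
    /home/farboo/mail/viruses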

    This would be placed in a .procmailrc file in the user's home directory and would only work if your mail server uses procmail for delivery. Also, I must mention that no content based filtering (such as this) can be 100% accurate.

    Am I good? Am I good? I'm good. (Does a little dance).

    - J. B.
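
The recipe's three conditions replayed in Python over four constructed messages, as an added example that is not part of the original comment. The `FROM_MAILER` pattern is a simplified stand-in for procmail's macro, and every sample message and address is made up; the third sample shows the blind spot, where any bounce that quotes the Display Name is kept regardless of who sent the original.

```python
import re

# Simplified stand-in for procmail's ^FROM_MAILER macro (assumption: the real
# macro recognises more mailer-style sender names than these).
FROM_MAILER = re.compile(
    r"^(From|Sender|Return-Path):.*\b(mailer-daemon|postmaster|mailer)\b",
    re.I | re.M)
STATUS_511 = re.compile(r"Status: 5\.1\.1", re.I)  # procmail matches case-insensitively

def classify(raw, display_name):
    """Apply the recipe's three conditions to one raw message (headers + body)."""
    if not (FROM_MAILER.search(raw) and STATUS_511.search(raw)):
        return "deliver"   # not a 5.1.1 bounce, so the recipe does not match
    if re.search(re.escape(display_name), raw, re.I):
        return "deliver"   # "! Foo Bar" fails: treated as the user's own bounce
    return "viruses"       # filed into the quarantine mailbox

def bounce(quoted_from, rcpt):
    """Build a constructed DSN-style bounce that quotes the original From line."""
    return (
        "From: Mail Delivery Subsystem <MAILER-DAEMON@mx.example.net>\n"
        "To: farboo@some.place\n"
        "Subject: Returned mail: User unknown\n\n"
        f"Final-Recipient: rfc822; {rcpt}\n"
        "Action: failed\n"
        "Status: 5.1.1\n\n"
        "--- original message headers ---\n"
        f"From: {quoted_from}\n"
        f"To: {rcpt}\n")

# Constructed sample messages (not real mail).
SAMPLES = {
    "own": bounce("Foo Bar <farboo@some.place>", "typo@example.org"),
    "forged": bounce("farboo@some.place", "nobody@example.com"),
    "forged_with_name": bounce('"foo bar" <farboo@some.place>', "x@example.com"),
    "normal": "From: Alice <alice@example.org>\nTo: farboo@some.place\n\nLunch?\n",
}

def run(display_name="Foo Bar"):
    """Return the delivery decision for each constructed sample."""
    return {name: classify(raw, display_name) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run().items():
        print(f"{name:18} -> {verdict}")
```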