[unisog] Sendmail Filter for Sircam

Russell Fulton r.fulton at auckland.ac.nz
Wed Aug 8 01:05:06 GMT 2001


On Tue, 31 Jul 2001 12:07:08 -0400 (EDT) Jose Nazario 
<jose at biocserver.BIOC.cwru.edu> wrote:

> On Tue, 31 Jul 2001, David Lundy wrote:
> 
> > I am getting a lot of Sircam infected email.  Our email gateway is
> > sendmail, but we have no filtering in place.  Does anyone have a
> > pointer to a milter for Sircam or information on filtering for this or
> > other rogue email?
> 
> the generic procmail sanitizer will prevent infection by defanging the
> double extensions (ie .doc.exe). you can easily tweak it to sync on the
> message body and kill it on the basis of that.
> 
> http://www.impsec.org/email-tools/procmail-security.html
> 
> enjoy. almost no tweaking to the sendmail setup, maybe a change of Mprog
> to procmail ...
> 

Hmmm... can we use this procmail on a relay?  Our MX records point to 
two machines that then relay mail on to other hosts on campus and it is 
these two machines that we would want to do filtering. 

We are currently looking at Inflex to do this.

We also have a large server running cyrus IMAP and POP for delivering 
mail to users.  I know cyrus does not use 'standard' mail box formats 
and I assume that it has its own local delivery agent which is started 
from sendmail.  

Could we use procmail in conjunction with cyrus? (assuming that we have 
the resources -- which I doubt).


Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand
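
The double-extension defanging mentioned in the quoted reply above (names such as .doc.exe), sketched in Python as an added example; it is not part of the original thread and is not the procmail sanitizer's own code. The extension list, the `DEFANGED-` renaming scheme and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy

# Final extensions treated as executable (illustrative list, an assumption).
EXECUTABLE_EXTS = {"exe", "com", "bat", "pif", "lnk", "scr", "vbs"}
# <stem>.<ext1>.<ext2>: a harmless-looking extension followed by a second one.
DOUBLE_EXT = re.compile(r"^(?P<stem>.+\.[A-Za-z0-9]{1,5})\.(?P<final>[A-Za-z0-9]{1,5})$")

# Constructed sample message with a benign 3-byte payload (not real mail).
SAMPLE = (b"From: a@example.org\r\nTo: b@example.org\r\nSubject: test\r\n"
          b"MIME-Version: 1.0\r\n"
          b'Content-Type: multipart/mixed; boundary="B"\r\n\r\n'
          b"--B\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
          b'--B\r\nContent-Type: application/octet-stream; name="notes.doc.exe"\r\n'
          b'Content-Disposition: attachment; filename="notes.doc.exe"\r\n'
          b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n--B--\r\n")

def defang_name(filename):
    """Return a defanged name for a double-extension executable, else None."""
    m = DOUBLE_EXT.match(filename.strip())
    if m and m.group("final").lower() in EXECUTABLE_EXTS:
        # Hypothetical renaming scheme: the file no longer ends in a runnable extension.
        return f"{m.group('stem')}.DEFANGED-{m.group('final')}"
    return None

def defang_message(raw):
    """Rewrite risky attachment names; return (new_message_bytes, [(old, new), ...])."""
    msg = message_from_bytes(raw, policy=policy.default)
    renamed = []
    for part in msg.walk():
        name = part.get_filename()
        safe = defang_name(name) if name else None
        if not safe:
            continue
        # A mail client may read the name from either header, so update both if present.
        if part.get("Content-Disposition"):
            part.set_param("filename", safe, header="Content-Disposition")
        if part.get_param("name") is not None:
            part.set_param("name", safe)
        renamed.append((name, safe))
    return msg.as_bytes(), renamed

if __name__ == "__main__":
    _, changes = defang_message(SAMPLE)
    print(changes)
```

Only double-extension names are touched here; a single-extension name such as `setup.exe` passes through unchanged.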


