9/20 Christ, I have gotten literally hundreds of these emails purporting
to be a Microsoft patch. I am running SpamAssassin, but this is well
crafted. Yet, I read it is "easy to filter out" if you are running
a mail server. Cannot soda block this?
\_ It would indeed be "easy" to block this at a server level, but, to
go back to the old mantra, this is a volunteer-run machine. Keeping
up with spam/virus screen has become a full time position in many
organizations. With the csua, as is stated on the application form,
you're expected to have some sort of a clue on how to deal with this
stuff. Also, to start a new mantra, server side email screening
attempts almost always piss off more people than they please. Read
up on procmail. --scotsman
\_ otoh, it's in a sysadmin's interest to block the major windows
worms, because there are bound to be people who can't learn
procmail in the hour it might take for their quotas to fill up.
besides, worm mail is a specific target that's easy enough to
handle and there isn't a new outbreak every day.
\_ Doesn't matter. Slippery slope and all that. Take some
personal responsibility (remember the part about having some
sort of clue?), educate yourself, and be glad you have access
to a machine like this. There are some incredible technical/
personal/professional networking opportunities through the
csua, but not when everyone gets bitchy because of inflated
expectations. --scotsman
\_ You're sounding very libertarian or republican with all
that BushCo talk of personal responsibility.
\_ there's a wide distinction between a student
organisation at a university and the federal
government. Amusing troll, though. --scotsman
\_ So now you're saying we should take personal
responsibility at the personal level but at the
government level we should make someone else take
care of us? Call it a troll if you like. It doesn't
change the fact that you were espousing libertarian
ideals and then knee-jerked away when caught.
\_ Hardly. When you signed on to this organisation,
you agreed to clauses that said basically you
wouldn't be a pest. My personal politics do
not enter into this discussion at all. My views
of civic governance have next to no relation to
my view of the csua (of which I was a governing
member for 3[?] semesters). --scotsman
\_ Asking the csua admins to filter some crap is
helpful to everyone, not being a pest. You
did a nice dance but you're still a libertarian
but I think you're still ok despite that.
\_ procmail recipe.
\_ The following rules seem to work for me:
:0 w:
* ^Subject:.*(Microsoft|Net).*(Security|Critical|Patch).*
/dev/null
:0 Dw:
* ^SUBJECT.*
/dev/null
\_ Maybe I'm reading this wrong but wouldn't this second one
delete all your mail sight unseen?
\_ hmm... I guess that's one way to keep all the spam out
\_ D -> case sensitive match. Most of the M$ spam uses
SUBJECT: as the subject header, so I just trash that.
Mail that uses Subject: as the subject header still
gets through.
\_ The current outbreak finally got me to get procmail going.
Here's a recipe I got from Usenet that trashes all messages
with executable attachments:
:0B
* ^Content-[-a-z0-9_]+:.*($[ ].*)*=[ ]*($[ ]+)*"?[^\
"]*\.(ad[ep]|asd|asx|bat|chm|cil|cmd|com|dat|dll|dot|eml|exe|hlp|hta|inf|jse?|ln\
k|md[aew]|ms[ip]|ocx|pif|p[lm]|p[po]t|pps|reg|sc[rt]|sh[bs]|vb[se]?|wm[szd]|ws[c\
efh]|xl[wt]|\{[0-9a-f-]+\})\>
/dev/null
\_ As long as you're going to filter every obscure .ext you might
as well toss in .btm.
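
Added example, not written by anyone in the thread: a Python dry run of the two header rules and an attachment-extension check against constructed messages, useful before pointing a recipe at /dev/null. It models procmail's default case-insensitive matching and the D flag discussed above; the function names, sample messages and shortened extension list are assumptions for illustration.

```python
import os
import re
from email import message_from_string

# The two header conditions from the thread: (regex, recipe carries D flag?)
RULES = [
    (r"^Subject:.*(Microsoft|Net).*(Security|Critical|Patch).*", False),
    (r"^SUBJECT.*", True),
]
# Assumed subset of the extensions named in the attachment recipe.
BLOCKED_EXT = {"bat", "chm", "cmd", "com", "exe", "hta", "lnk", "pif",
               "reg", "scr", "vbs"}

def header_match(regex, headers, d_flag):
    """procmail conditions ignore case unless the recipe has the D flag."""
    flags = re.MULTILINE | (0 if d_flag else re.IGNORECASE)
    return re.search(regex, headers, flags) is not None

def blocked_attachments(raw):
    """Return attachment filenames whose extension is in BLOCKED_EXT."""
    hits = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name and os.path.splitext(name)[1].lstrip(".").lower() in BLOCKED_EXT:
            hits.append(name)
    return hits

def verdict(raw):
    """'trash' if a header rule or the attachment check fires, else 'deliver'."""
    headers = raw.split("\n\n", 1)[0]
    if any(header_match(rx, headers, d) for rx, d in RULES):
        return "trash"
    return "trash" if blocked_attachments(raw) else "deliver"

# Constructed sample messages (not captured worm mail).
NORMAL = "From: a@example.org\nSubject: lunch on Friday?\n\nsee you at noon\n"
UPPER = "From: b@example.org\nSUBJECT: Latest Net Critical Patch\n\nbody\n"
ATTACH = (
    "From: c@example.org\nSubject: report\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="XX"\n\n'
    "--XX\nContent-Type: text/plain\n\nhello\n"
    "--XX\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="update.EXE"\n\nAAAA\n--XX--\n'
)

if __name__ == "__main__":
    for label, msg in [("normal", NORMAL), ("upper", UPPER), ("attach", ATTACH)]:
        print(label, verdict(msg), blocked_attachments(msg))
```

Calling `header_match(r"^SUBJECT.*", "Subject: hi", False)` shows what the second rule would do without the D flag: it matches every message that has a subject line.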