
Fwd: Fwd: Re: OT - worm problem



Sorry Guys - It's early in the morning.  Third time lucky

----- Forwarded message from Clive Menzies <clive@clivemenzies.co.uk> -----

> To: Joshua Narins <j@narins.net>
> Cc: debian-powerpc@lists.debian.org
> From: Clive Menzies <clive@clivemenzies.co.uk>
> Date: Tue, 4 Nov 2003 09:11:06 +0000
> Subject: Fwd: Re: OT - worm problem
> 
> Hi Joshua
> 
> The mail escaped without the attachments - apologies, here they are
> 
> Regards
> 
> Clive
> 
> ----- Forwarded message from Clive Menzies <clive@clivemenzies.co.uk> -----
> 
> > To: Joshua Narins <j@narins.net>
> > Cc: debian-powerpc@lists.debian.org
> > From: Clive Menzies <clive@clivemenzies.co.uk>
> > Date: Tue, 4 Nov 2003 09:08:54 +0000
> > Subject: Re: OT - worm problem
> > 
> > On (29/10/03 08:29), Joshua Narins wrote:
> > > > Not sure if you're using a POP 3 account but I've been using mailfilter
> > > > to delete these from the server prior to download with fetchmail and it
> > > > works pretty well.  Let me know if you want the rc file off list.  Even
> > > > if you aren't using POP3, you may be able to adapt it for filtering in
> > > > Exim.
> > > 
> > > I'd be interested in the rc file myself.
> > Attached are two sample rc files:
> > 
> > Clivemailfilterrc is the one I'm currently using
> > DCranercSample is what I've received from David Crane who's done quite a
> > lot on this
> > 
> > HTH
> > 
> > Clive
> > 
> >  
> > > Isn't there some smart debian person who could figure out where this is coming from?  On the one hand, it might be an infected subscriber, on the other, it might be harassment from a cabal of anti-debian-on-powerpc saboteurs.
> > 
> > -- 
> > http://www.clivemenzies.co.uk
> > strategies for business
> 
> ----- End forwarded message -----
> 
> -- 
> http://www.clivemenzies.co.uk
> strategies for business

----- End forwarded message -----

-- 
http://www.clivemenzies.co.uk
strategies for business
# -----------------------------------------------------------
# Clive's RC file from example rcfile in the INSTALL document
# -----------------------------------------------------------


# -----------------------------------------------------------
# Logfile path (be sure you have write permission in this
# directory; you MUST specify a logfile)
 
LOGFILE=/home/yours/.mailfilter.log
 
 
# -----------------------------------------------------------
# Level of verbosity

VERBOSE=3
 
 
# -----------------------------------------------------------
# POP3 server list (do not change the order of the fields!)
# Note: Port 110 is usually the port POP3 servers use.
#       Currently only POP3 is supported.
 
SERVER=mail.server.net
USER=username
PASS=xxxxxx
PROTOCOL=pop3
PORT=110
 
SERVER=other.server.net
USER=otherusername
PASS=xxxxxxx
PROTOCOL=pop3
PORT=110
 
 
# -----------------------------------------------------------
# Do you want case sensitive e-mail filters? { yes | no }
 
REG_CASE=no


# -----------------------------------------------------------
# Sets the type of Regular Expression used { extended | basic }
#
# (The default is 'basic', don't change unless you know what you
#  are doing. Extended REs are more complex to set up.)
 
REG_TYPE=extended


# -----------------------------------------------------------
# Maximum e-mail size in bytes that should not be exceeded.
 
# MAXSIZE_DENY=1000000


# -----------------------------------------------------------
# Set maximum line length of any field in the message header
# (default is 998 characters per line; 0 to disable option)
 
# MAXLENGTH=998


# ----------------------------------------------------------
# Filter rules for detecting spam (each rule must be placed
# in a separate line)

# These filters detect certain unpleasant e-mail subjects:

DENY=^(Subject|SUBJECT):.*(Latest|Last|Net|Network|New|Newest|Security) (Critical|Pack|Patch|Security|Update|Upgrade)
DENY=^(Subject|SUBJECT):.*(Abort|Bug|Error) (Announcement|Letter|Report)
DENY=^(Subject|SUBJECT):.*Current (Internet|Microsoft|Pack|Security|Update)
DENY=^(Subject|SUBJECT):.*AntiVirus Alert
DENY=^(Subject|SUBJECT):.*New Pack
DENY=^(Subject|SUBJECT):.*viagra
DENY=^(Subject|SUBJECT):.*(penis|Dick)
DENY=^(Subject|SUBJECT):.*home loan
DENY=^(Subject|SUBJECT):.*(Phentermine|Valium|Vicodin|Xanax)
DENY=^(Subject|SUBJECT):.*Medications
DENY=^(Subject|SUBJECT):.*Online Pharmacy
DENY=^(Subject|SUBJECT):.*DISCREET OVERNIGHT PHARMACY
DENY=^(Subject|SUBJECT):.*Lowest Rates
DENY=^(Subject|SUBJECT):.*hey there\.\.\.


DENY=^(From|FROM):.*Microsoft
DENY=^(From|FROM):.*MS (Client|Corporation|Customer|Internet|Mail|Message|Net|Network|Program|Security|Service|Support)
DENY=^(From|FROM):.*(Customer|Public) Bulletin
DENY=^(From|FROM):.*(Inet|Internet|Net|Network) (Client|Customer|Delivery|Email|Mail|Message|Service|Security|Storage|Upgrade)
DENY=^(From|FROM):.*Delivery Service
DENY=^(From|FROM):.*Security (Assistance|Center|Department|Division|Section)
DENY=^(From|FROM):.*(Email|Mail|Message) (Delivery|Service)
DENY=^(From|FROM):.*Storage (Service|System)
DENY=^(From|FROM):.*Technical (Assistance|Services|Support)
DENY=^(From|FROM):.*microsoft (network|internet).* (service|system)
DENY=^(From|FROM):.*@microsoft.com
DENY=^(From|FROM):.*Public Services
DENY=^(From|FROM):.*CyberAtlas
DENY=^(From|FROM):.*youask4it

DENY=^To:.*(Commercial|Corporation|Email|Inet|Internet|Mail|Net|Network) (Client|Consumer|Customer|Partner|Receiver|Recipient|User)
DENY=^To:.*Microsoft (Client|Customer|Consumer|User)
DENY=^To:.*(mail|net) (client|customer|consumer|receiver|recipient|user)
DENY=^To:.*Customer
DENY=^To:.*Client




# This one filters mail from everyone at a certain organisation:
# DENY=^(From|FROM):.*@any_provider_that_spams.org

# We don't want any of those 'LEGAL' messages either
# while stuff with 'legal' in the subject still interests us:
DENY_CASE=^(Subject|SUBJECT):.*LEGAL


# -----------------------------------------------------------
# Normalises the subject strings before parsing, e.g.
# ',L.E-G,A.L; ,C.A-B`L`E, +.B-O`X` ;D`E`S,C;R,A.MB;L,E.R-]'
# becomes 'LEGAL CABLE BOX DESCRAMBLER' which can be filtered.
#
# If NORMAL is switched on, Mailfilter tries to apply filters
# to both the normalised and the original subject.

NORMAL=yes


# -----------------------------------------------------------
# The maximum e-mail size in bytes that messages from friends
# should not exceed. Set this to 0 if all your friends (ALLOW)
# can send messages as long as they want.
 
MAXSIZE_ALLOW=0
 
 
# ----------------------------------------------------------
# Set list of friends that always pass, if they do not
# exceed the message length of MAXSIZE_ALLOW
 
# This rule allows all mail from a friend who was unlucky enough
# to have signed up with a spam organisation. With DENY we
# block everyone else from that domain though! See above!
# ALLOW=^(From|FROM):.*a_friend_with_account@any_provider_that_spams.org
# ALLOW=^(From|FROM):.*pratima@accounting-redhouse.co.uk
 
# Of course we allow e-mail from anyone who has something to say about
# mailfilter:
# ALLOW=^(Subject|SUBJECT):.*mailfilter

# We also let our girlfriend send any e-mail she wants:
# ALLOW=^(From|FROM):.*my_girlfriend@any_provider.com

#      SHOW_HEADERS =yes
#      TEST =yes
# Do you want case sensitive e-mail filters? { yes | no }
REG_CASE=no

# Sets the type of Regular Expression used { extended | basic }
REG_TYPE=extended

# -----------------------------------------------------------
# About 85% of the FROM names end in various two-word combinations:

# 5% come directly from the Beast or its System.
DENY=^FROM:."?(Microsoft|MS)( System)?"? <

# 40% from various System or Service addresses.
DENY=^FROM:."?.*(Network|Internet|Inet|Delivery|Storage|Message|Email|Mail) +(System|Service)"? <

# 20% from various Support, Assistance, Services or Bulletin addresses.
DENY=^FROM:."?.*(Security|Customer|Public|Technical) +(Support|Assistance|Services|Bulletin)"? <

# 20% from various Center, Department, Section or Division addresses.
DENY=^FROM:."?.*(Security|Program) (Center|Department|Section|Division)"? <

# -----------------------------------------------------------
# About 90% of the TO addresses end in various two-word combinations.
# Be careful not to deny messages to variations of "Debian User".

# 45% to generic addresses an ISP might contact.
DENY=^TO: "?.*(E?mail|(I|Inter)?net|Network) (Client|Recipient|Receiver|User)"? +<

# 45% to addresses implying a business relationship.
DENY=^TO: "?Commercial (Client|Consumer|Customer|Partner|User)"? <
DENY=^TO: "?(MS|Microsoft) (Corporation +)?(Client|Consumer|Customer|Partner|User)"? <
DENY=^TO: "?(Client|Consumer|Customer|Partner|User)"? <
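As an added illustration, not code from either attached rc file nor from Mailfilter itself, here is a small Python re-implementation of the rule semantics the rc files rely on: DENY, ALLOW and DENY_CASE rules, REG_CASE, and the NORMAL subject normalisation, applied to constructed header lines of the kind the rules target. The rc fragment and headers are constructed, and the normaliser is an assumed approximation of what Mailfilter does, not its actual algorithm.

```python
import re

# Constructed rc fragment in the mailfilter rc syntax shown on this page (not either attached file).
SAMPLE_RC = r"""
REG_CASE=no
NORMAL=yes
ALLOW=^(From|FROM):.*lists\.debian\.org
DENY=^(Subject|SUBJECT):.*(Latest|Last|Net|Network|New|Newest|Security) (Critical|Pack|Patch|Security|Update|Upgrade)
DENY=^(From|FROM):.*MS (Client|Corporation|Customer|Internet|Mail|Message|Net|Network|Program|Security|Service|Support)
DENY_CASE=^(Subject|SUBJECT):.*LEGAL
"""

def parse_rc(text):
    """Return (options, rules). Rules keep file order as (kind, compiled regex)."""
    opts, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if key in ("ALLOW", "DENY", "DENY_CASE"):
            rules.append((key, value))
        else:
            opts[key.strip()] = value.strip()
    # REG_CASE=no means case-insensitive; DENY_CASE rules are always case-sensitive.
    flags = 0 if opts.get("REG_CASE", "no") == "yes" else re.IGNORECASE
    compiled = [(k, re.compile(v, 0 if k == "DENY_CASE" else flags)) for k, v in rules]
    return opts, compiled

def normalise(subject):
    """Assumed approximation of NORMAL=yes: strip punctuation noise, collapse spaces."""
    return " ".join(re.sub(r"[^A-Za-z0-9\s]", "", subject).split())

def classify(opts, rules, headers):
    """Return 'allow', 'deny' or 'keep' for a list of raw header lines.
    ALLOW outranks DENY, so a friend on a blocked domain still gets through."""
    lines = list(headers)
    if opts.get("NORMAL") == "yes":  # filter both the original and the normalised subject
        for h in headers:
            if h.lower().startswith("subject:"):
                lines.append("Subject: " + normalise(h.split(":", 1)[1]))
    verdict = "keep"
    for kind, rx in rules:
        if any(rx.search(l) for l in lines):
            if kind == "ALLOW":
                return "allow"
            verdict = "deny"
    return verdict
```

Running `classify` over a header set such as `From: "MS Security Center" <...>` / `Subject: Latest Security Update` returns `deny`, while the same subject from `lists.debian.org` returns `allow`.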
