Re: merkwürdige E-Mails
> On Sun, 05 Oct 2003 18:20:36 +0200, Ingo Juergensmann
> <debian@2003.bluespice.org> wrote:
>
>> On Sat, Oct 04, 2003 at 05:53:31PM +0200, Markus Maiwald wrote:
>>
>>> Gibt es da vielleicht filter fuer pop3/imap die zwischen Server und
>>> Client
>>> sitzen??
>>
guckst du hier: http://www.impsec.org/email-tools/procmail-security.html
hab den sanitizer installier (debian packet)
nach der anleitung auf der webseite konfigurieren und die entsprechenden
filter installieren.
dann schickt er die mails druch procmail und sortiert eine menge aus und
schickt dem absender eine nette nachrischt, er möge mal sein system
überprüfen:
----------------------------------------------------------------------------
Subject: Re: Undeliverable Message: User unknown
From: "Procmail Security daemon" <postmaster@ww-clan.com>
Date: Tue, October 7, 2003 21:28
To: silvia.candiotto@tin.it
Priority: Normal
Options: View Full Header | View Printable Version | View Message details
----------------------------------------------------------------------------
*** SECURITY WARNING ***
Our email gateway has detected that your message to
<spitfire@ww-clan.com>
MAY contain hazardous embedded scripting or attachments,
or has been rejected by our site security policy for some other reason.
If you have a question, please reply to this notification message.
It is POSSIBLE that your message was infected by a virus.
You should make sure your virus signature file
is up-to-date and then rescan your computer,
especially if you do not remember sending this message.
If the macro scanner score is large yet your virus scanner reports
that the document is not infected, try saving it using a different
format (such as Rich Text - "RTF") that will remove all macros.
REPORT: Trapped swen variant worm -
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
REPORT: Not a document, or already poisoned by filename. Not scanned for
macros.
STATUS: Message discarded, not delivered to recipient.
Headers from message:
> From silvia.candiotto@tin.it Tue Oct 07 21:28:31 2003
> Return-path: <silvia.candiotto@tin.it>
> Envelope-to: spitfire@ww-clan.com
> Delivery-date: Tue, 07 Oct 2003 21:28:31 +0200
> Received: from mail by noname.ww-clan.com with spam-scanned (Exim 3.36
#1 (Debian))
> id 1A6xVW-0000kM-00
> for <spitfire@ww-clan.com>; Tue, 07 Oct 2003 21:28:31 +0200
> Received: from natmx01.rzone.de ([81.169.145.162])
> by noname.ww-clan.com with esmtp (Exim 3.36 #1 (Debian))
> id 1A6xVW-0000kH-00
> for <spitfire@ww-clan.com>; Tue, 07 Oct 2003 21:28:30 +0200
> Received: from vsmtp4.tin.it (vsmtp4.tin.it [212.216.176.224])
> by mailin.webmailer.de (8.12.10/8.12.10) with ESMTP id
h97JST6M028578
> for <christian@borchi.de>; Tue, 7 Oct 2003 21:28:29 +0200 (MEST)
> Received: from fqkqk (212.171.157.29) by vsmtp4.tin.it (7.0.019)
> id 3F7986AC004C25D1; Tue, 7 Oct 2003 21:18:11 +0200
> Date: Tue, 7 Oct 2003 21:18:11 +0200 (added by postmaster@virgilio.it)
> Message-ID: <3F7986AC004C25D1@vsmtp4.tin.it> (added by
postmaster@virgilio.it)
> FROM: "" <qmailrobot@aol.com>
> TO: "inet recipient" <receiver@emaildomain.com>
> SUBJECT: Undeliverable Message: User unknown
> Mime-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="eaybtb"
> X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
> noname.ww-clan.com
> X-Spam-Level: ****
> X-Spam-Status: No, hits=4.2 required=5.0 tests=BAYES_44,HTML_MESSAGE,
> HTML_RELAYING_FRAME,MICROSOFT_EXECUTABLE,MIME_HTML_NO_CHARSET,
> MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MIME_SUSPECT_NAME,NO_REAL_NAME
> autolearn=no version=2.60
> X-Content-Security: [noname] NOTIFY
> X-Content-Security: [noname] DISCARD
> X-Content-Security: [noname] REPORT: Trapped swen variant worm -
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
--
Message sanitized on noname
See http://www.impsec.org/email-tools/sanitizer-intro.html for details.
----------------------------------------------------------------------------
also ich finde das teil gut...
bis denne christian
Reply to: