Re: mymail worm

To: debian-user@lists.debian.org
Subject: Re: mymail worm
From: Brian Potkin <brian@copernicus.demon.co.uk>
Date: Thu, 5 Feb 2004 00:26:47 +0000
Message-id: <[🔎] 20040205002646.GG28425@copernicus>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20040204141055.GB1830@droitwichbox.dyndns.org>
References: <[🔎] 20040204015932.GB25786@brain.pulsesol.com> <[🔎] 20040204141055.GB1830@droitwichbox.dyndns.org>

On Wed, Feb 04, 2004 at 02:10:55PM +0000, Pigeon wrote:

> On Wed, Feb 04, 2004 at 01:59:32AM +0000, Antony Gelberg wrote:

[Snip]

> > Anyone have a similar rule to nuke this new mymail worm?  I have some
> > samples if anyone can tell me how to analyse them to paste the correct
> > thing in the BD line.
> 
> This beastie doesn't set the Message-Id: header. I find I can zap it
> quite happily by looking for Message-Id: headers that have been added
> by my ISP's mail relay; the following mailfilter rule works:
> 
>   DENY=^Message-Id:.*<.*@store[0-9]\.mail\.uk\.easynet\.net>
> 
> ...adjust to fit your ISP's relay and translate to procmailese.

I use an identical rule in my mailfilterrc, or did until five minutes
ago.  Its now commented out.

Its usefulness in deleting spam and mail associated with the mymail worm
before downloading it has been offset by the deletion of a small number
of legitimate mails, including one a few minutes ago.  The originating
mail server should have added a Message-Id but for some reason some
don't.  Effective the rule might have been but I'd rather not lose mail.

Brian.

Reply to:

Follow-Ups:
- Re: mymail worm
  - From: Wayne Topa <brittman@capital.net>

References:
- mymail worm
  - From: Antony Gelberg <antony@antgel.co.uk>
- Re: mymail worm
  - From: Pigeon <jah.pigeon@ukonline.co.uk>

Prev by Date: Re: being hacked? - hatches/hardening
Next by Date: Re: cdrecord priority
Previous by thread: Re: mymail worm
Next by thread: Re: mymail worm
Index(es):
- Date
- Thread