[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vps-mail] how to block machine originated bounces in sendmail

Subject: Re: [vps-mail] how to block machine originated bounces in sendmail
From: Abigail Marshall <abigail@xxxxxxxxxxxx>
Date: Thu, 27 May 2004 13:53:15 -0700

MF> viruses & trojansc are producing a hugh number of
MF> bounces. Is there a way to block "machine"-originated
MF> bounces with sendmail/procmail?

procmail doesn't "block" - but you can /dev/null the
messages with appropriate procmail recipes. It's tricky
because all the different machine-originated bounces look
different, but basically what you do is set up a recipe &
add to it or modify as needed.

I have one that looks like this. It is NOT very efficiently
drafted & I don't particularly recommend it - I'm sure
someone else could come up with something a lot neater - but
it does at least get rid of a lot of stuff. The reason my
recipes are such a mess is simply that it's easier for me to
add a new line than to really give a lot of thought to
creating something more comprehensive that would avoid false
positives.

-Abigail

My recipes follow:

# Virus warnings & bounces from other servers
:0
* 1^0 H ?? ^From:.*Mail\.Sweeper
* 1^0 H ?? ^From:.*Symantec_AntiVirus_for_SMTP_Gateways
* 1^0 H ?? ^Subject:.*Antigen found VIRUS
* 1^0 H ?? ^Subject:.*Virus.*(found|detected).*(message|email)
* 1^0 H ?? ^Subject:.*message contains.*virus
* 1^0 H ?? ^Subject:.*Re:.*Wicked screensaver
* 1^0 H ?? ^Subject:.*Undeliverable:.*Re:.*That movie
* 1^0 H ?? ^Subject:.*WARNING\!.*Virus detected
* 1^0 H ?? ^Subject:.*ATENCION:.*ALERTA DE VIRUS
* 1^0 H ?? ^Subject:.*Disallowed attachment type found in sent message
* 1^0 H ?? ^Subject:.*American Express has quarantined
* 1^0 H ?? ^Subject:.*Warning:.*antivirus system report
* 1^0 H ?? ^Subject:.*QuantumResources.*Virus Notification
* 1^0 H ?? ^Subject:.*ScanMail.*virus found.*action taken
* 1^0 H ?? ^Subject:.*eTrust Antivirus Gateway.*Virus notification 
* 1^0 H ?? ^Subject:.*InterScan NT Alert
* 1^0 H ?? ^Subject:.*Virus Alert.*ScanMail
* 1^0 H ?? ^Subject:.*(Norton AntiVirus|MailMarshal|ScanMail) detected.*virus
* 1^0 B ?? Unrepairable Virus Detected
* 1^0 B ?? mail message.*you sent.*contains.*virus
* 1^0 B ?? ^Found virus.*in file
* 1^0 B ?? ^Captured by McAfee antivirus
* 1^0 B ?? ^Our virus detector has just been triggered
{
        LOG="Virus Bounces "
        :0 
        /dev/null

======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).

References:
- [vps-mail] how to block machine originated bounces in sendmail
  - From: Martin Fischer

Prev by Date: Re: Re[2]: [vps-mail] Dramatic increase of spam during last days
Next by Date: Re[3]: [vps-mail] Dramatic increase of SPAM during last days
Previous by thread: [vps-mail] how to block machine originated bounces in sendmail
Next by thread: [vps-mail] Installing SCBL for sendmail - need help, please
Index(es):
- Date
- Thread

Main Index | Thread Index