At 15:51 +0800 8/13/2003, ketvin wrote:
>This is a multi-part message in MIME format.
>--
>--
>[ Picked text/plain from multipart/alternative ]
>Hi, I am having problem with the famous MiMail virus that send
>admin@??? emails. How do I block any email that is started with
>"admin" ? And is there anyway to protect Exim from that virus?
Well, I'm the one who sends (used to send) mail from admin@???,
used only when talking with other admins. So...
We let our virus scanner catch the actually-infected messages. Then, after
the mail has gone through that it re-enters Exim from a specific localhost
IP and port, and our system filter freezes any remaining admin@???
senders.
So far, looking at the frozen messages, we've seen messages of about 1.7K,
which are everything from these messages except the attachment (and are
coming from comcast.com, nextel.??? and a few other servers), and messages
of just under 1K which are empty after the headers.
The systemFilter stanza is being kept mostly as a line of defense against
the virus scanner starting to miss these messages.
If I ever again do send from admin@???, I'll just force delivery.
More likely, I'll create some other role account to send from. (I created
admin when the Livingston/Lucent Portmasters we use started logging
administrative logins to the pseudo user "admin". To prevent a new user
setting up an account named admin, I created an alias pointing admin to me.
(Our signup system prevents such collisions.)
Now, about that credit card charge for money layndry[sic] services.... ;-(
--John
--
John Baxter jwblist@??? Port Ludlow, WA, USA
