procmail

Re: will the list admin please firewall 203.197.156.192 - 207

2004-02-02 09:50:42
TopPost:

For the benefit of the subscribers (like me) who don't know, would you
please tell us what authorities you possess in regard to the
monitoring/admin of this list?

Also, I would appreciate it if you would spend less time "lecturing" and
just answer the questions you feel like responding to, no matter what your
"powers of authority" may be.

At 07:44 PM 2.1.2004 -0800, Professional Software Engineering wrote:
At 17:32 2004-02-01 -0800, Dan Hollis wrote:
This avalanche of viruses is getting old.

1. The listadmin IS NOT a subscriber to this list.

2. While I have access to the LIST config (to deal with users who run 
vacation scripts and whatnot), the original purpose of obtaining 
administrative access to the list config was to deal with problem users 
(vacation messages and the like), not to tweak the general list 
configs.  I've sent a message to the listadmin, notifying him of changes I 
believe should be made (namely, reject ALL multipart and text/html 
messages, which will inconvenience some users who insist on sending 
PGP/MIME messages, but is for the greater good).  Hopefully, I'll hear back 
from him soon.

3. If you examine the headers for the messages through the procmail list, 
you should discover that mail travels through several hosts before it 
reaches the lists host.  I'm somewhat doubtful that the listadmin is 
necessarily in a position to firewall individual addresses -- and even if 
they were, it is really only a stopgap measure - this could have been 
ANYONE, and by the time the admin catches wind of it, the damage has been
done.

4. I searched the subscriber list (geez, there's like 40 people using 
"procmail@" as the user portion of their subscription address), and found a 
whopping *ONE* user with a .in address.  And waddya know, that's the SAME 
ISP which the IP address is delegated to.  I've sent their abuse address a 
message directing them to do something about that user's connectivity until 
the user is no longer a hazard to the rest of the internet.

5. You're preaching to the choir telling the list how annoying the virus is.

Note that the infection originated from a single IP address (all *30* of 
the messages sent to the list, and every one of the messages fired off at 
me prior to my adding the address to a DNSBL), so perhaps the gods of the 
internet might see fit to exploit the backdoor the virus installed, and 
use it to shut down the infected host or basically impose a 
self-firewalling...  It isn't like it appears to be a moving target.

---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail



Best regards,
Jack L. Stone,
Administrator

Sage American
http://www.sage-american.com
jacks(_at_)sage-american(_dot_)com
