/dev/null filling up

nicholas on 2003-08-28T21:59:06

I tire of SOBIG
70K and counting
will it ever stop?


Sure...

Matts on 2003-08-29T07:52:06

Just install qpsmtpd. I haven't seen a Sobig enter my network yet.

Re:Sure...

nicholas on 2003-08-29T10:19:40

Just

It's not my machine, and I'm not root. plum is doing a lot of stuff for various other domains, users and lists, and probably quite a lot of that has grown to assume exim. Now, if exim can be configured to 550 connections that get pushy before HELO, that would probably be as good (given that robrt has suggested that this is the aspect of qpsmtpd that happens to outwit Sobig)
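Added example, not part of the thread and not code from qpsmtpd or exim: a minimal Python sketch of the check discussed above, assuming "pushy" means the client sends data before the server has issued its 220 greeting. The hostnames, the `wait` delay and the function names are constructed for illustration.

```python
import select
import socket

BANNER = b"220 mx.example.test ESMTP\r\n"  # constructed hostname
REJECT = b"550 SMTP protocol violation: spoke before greeting\r\n"


def is_early_talker(conn, wait=1.0):
    """Return True if the client has sent bytes before we greeted it.

    A well-behaved MTA waits for the 220 banner, so the socket should stay
    silent for the whole delay. A client that has already hung up also
    shows as readable and is treated the same way.
    """
    readable, _, _ = select.select([conn], [], [], wait)
    return bool(readable)


def greet(conn, wait=1.0):
    """Delay the banner; answer 550 to a client that would not wait for it."""
    if is_early_talker(conn, wait):
        conn.sendall(REJECT)
        return "rejected"
    conn.sendall(BANNER)
    return "greeted"


def demo(client_talks_first, wait=0.2):
    """Run one constructed session over a local socket pair (no network)."""
    server, client = socket.socketpair()
    try:
        if client_talks_first:
            # Constructed input: a sender that pipelines HELO blindly.
            client.sendall(b"HELO spam.example.test\r\n")
        verdict = greet(server, wait)
        return verdict, client.recv(1024)
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    print(demo(True))   # sender that talks first
    print(demo(False))  # sender that waits for the banner
```

The delay costs every legitimate sender `wait` seconds per connection, so it is usually kept to a second or so.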

Re:Sure...

Matts on 2003-08-29T15:05:58

That, and that sobig is identified by qpsmtpd's sobig plugin.

Re:Sure...

nicholas on 2003-08-29T15:23:33

Mine is identified by procmail based on some headers and the subject. My count is of messages automatically filed in /dev/null (and is now 83000 - it was actually 77000 when I wrote the haiku, but that number has too many syllables).

My problem is actually with the bounce messages and stupid scanners, which are variable messages, not easy to spot, and are sent by real MTAs that unlike Sobig speak the RFCs without a telltale accent.

Re:Sure...

Matts on 2003-08-29T15:32:03

Except I wish they were a bit more RFC compliant and sent with an envelope sender of "<>". That way I could just dump them on the floor like I do all other DSNs (yes, I'm aware that this is probably bad practice).

Re:Sure...

nicholas on 2003-08-29T14:03:07

Actually, thinking about this, the original haiku didn't express the problem properly

Virus scan reports
about mail I did not send
from mindless filters

mailbox full bounces,
"attachment blocked, please use zip",
user not known here

worm goes to /dev/null
rest not easy to filter,
drown out my real mail

too much robot mail
where have all the humans gone?
I feel all alone

(hopefully I counted the syllables correctly)