Stories
Slash Boxes
Comments

NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

use Perl

All the Perl that's Practical to Extract and Report

perl.org: now more absorbent More | Login | Reply

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Without JavaScript enabled, you might want to use the classic discussion system instead. If you login, you can remember this preference.

configuration changes (Score:2, Interesting)

by WebDragon (1204)

not knowing a whole lot about mailserver configuration, I'd be very interested in knowing specifically what changes you had to make to the system in order to detect-and-absorb the mydoom stuff without also getting false-positives in the process. I mean, even spamassassin misses a few, or is overzealous on rare occasions.

And, if you've managed a 100% solution, a config file diff might also go a long way towards helping other admins (who also are not mailserver gurus :) do the same and thus further reduce th
- Re:configuration changes (Score:4, Interesting)
  
  by Robrt (1414) on 2004.02.06 13:27 (#28143) Journal
  
  We're using a hacked up qpsmtpd [develooper.com] (soon to be rolled back into the main dist). Basically, we have a rule that matches mydoom, and directs it to a folder.
  
  The rule is overly liberal right now - getting hit with 2 of these a second, spamassassin and clamav would grind us to a halt. But that's ok.
  
  Of the 25000 emails caught in my mydoom filter in the past 13 hours, there are 1322 unique (case insensitive) subject lines. None of them look like anything someone will miss.
  
  Reply to This
  
  Parent

Get More Comments

Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.