Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.
  • Just install qpsmtpd. I haven't seen a Sobig enter my network yet.
    • Just

      It's not my machine, and I'm not root. plum is doing a lot of stuff for various other domains, users and lists, and probably quite a lot of that has grown to assume exim. Now, if exim can be configured to 550 connections that get pushy before HELO, that would probably be as good (given that robrt [] has suggested that this is the aspect of qpsmtpd that happens to outwit Sobig)

      • That, and that sobig is identified by qpsmtpd's sobig plugin.
        • Mine is identified by procmail based on some headers and the subject. My count is of messages automatically filed in /dev/null (and is now 83000 - it was actually 77000 when I wrote the haiku, but that number has too many sylables).

          My problem is actually with the bounce messages and stupid scanners, which are variable messages, not easy to spot, and are sent by real MTAs that unlike Sobig speak the RFCs without a telltale accent.

          • Except I wish they were a bit more RFC compliant and send with an envelope sender of "<>". That way I could just dump them on the floor like I do all other DSNs (yes, I'm aware that this is probably bad practice).