[CLUE-Tech] Mail Delivery (failure clue-tech@clue.denver.co.us)

Jed S. Baer thag at frii.com
Thu Jul 8 12:23:14 MDT 2004


On Thu, 8 Jul 2004 13:40:23 -0400
"Roy J. Tellason" <rtellason at blazenet.net> wrote:

> > The list management software we use, GNU Mailman, does not, AFAIK,
> > have the capability to strip attachments. Perhaps the newer version of
> > it does. We will be migrating to the newer version when we move to our
> > new server.
> 
> Hm. I'm not familiar with it, but I would think that dealing with
> this issue is an important consideration.

We're discussing it on the admin list.

> Was that in fact a virus?

Well, my ISP identified it as NetSky.

> Any thoughts about how I might trace where in fact these are coming
> from? And what might be done about them?

Well, from an end-user on a list point of view, I don't know. You can
always examine the full headers, and check the earliest Received: entries.
Then do a whois lookup to see whom to complain to. In this case:

Received: from clue.denver.co.us (proxy-sabata-ejp.powernet.cz
[193.109.183.94])
        by clue.denver.co.us (8.9.3/8.9.3) with ESMTP id FAA14151
        for <clue-tech at clue.denver.co.us>; Thu, 8 Jul 2004 05:28:50 -0600

$ whois 193.109.183.94 at whois.ripe.net
inetnum:      193.109.176.0 - 193.109.183.255
netname:      POWERNET-CZ
descr:        EN-DATA a.s.
descr:        Czech republic
country:      CZ
[snip]
no abuse address listed.

> Or better yet some way to automate dealing with them? It'd be neat if
> kmail saw something like this coming in and could just forward it to
> abuse at wherever from the _real_ source address, but I don't think my
> simple attempts to deal with filtering just now are quite up to that
> task just yet.

I don't know about KMail. One could do various things using fetchpop and
procmail, I suppose. Or formail if your MUA uses mbox format (or even if
not? I don't know). Piping incoming e-mail through a Perl script to
examine the envelope, etc. might be useful (which you could do using
procmail). But I wouldn't want it totally automated. Yeah, it'd be great
to have an MUA which provided a "process using command" capability for any
message.

FWIW, I've had a considerable lack of success reporting e-mail abuse.
Regrettable, but true. Since this is a virus, maybe the ISP would be
willing to do something about the user? Or, maybe already has.

jed
-- 
http://s88369986.onlinehome.us/freedomsight/

... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
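
The header check described in the message above, as an added example that is not part of the original post: it walks the Received: headers newest-first and returns the hop where the message entered servers you trust, which is the address worth a whois lookup. The function names, the trusted-host set, and the second Received header in the sample are assumptions made for this sketch.

```python
import re
from email import message_from_string

# Constructed message: the first Received header is the one quoted in the post;
# the second header and the remaining fields are invented for this example.
SAMPLE = """\
Received: from clue.denver.co.us (proxy-sabata-ejp.powernet.cz
 [193.109.183.94])
        by clue.denver.co.us (8.9.3/8.9.3) with ESMTP id FAA14151
        for <clue-tech at clue.denver.co.us>; Thu, 8 Jul 2004 05:28:50 -0600
Received: from mail.example.org (mail.example.org [192.0.2.10])
        by relay.example.net with SMTP id CONSTRUCTED1
From: someone@example.org
Subject: constructed sample

body
"""

# sendmail-style: from <HELO name> (<reverse DNS> [<peer IP>]) by <stamping host>
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9.]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)")


def parse_hops(raw):
    """Return the Received hops, newest first, as dicts of helo/rdns/ip/by."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        match = RECEIVED_RE.search(" ".join(value.split()))  # unfold the header
        if match:
            hops.append(match.groupdict())
    return hops


def reportable_source(raw, own_hosts, own_relay_ips=()):
    """Find the hop where the message entered infrastructure we trust."""
    for hop in parse_hops(raw):
        if hop["by"].lower() not in own_hosts:
            return None  # not stamped by our servers: could be sender-written
        if hop["ip"] not in own_relay_ips:
            # Peer IP was recorded by our server; the HELO name is only a claim.
            hop["helo_mismatch"] = (hop["rdns"] or "").lower() != hop["helo"].lower()
            return hop  # headers below this one are not verifiable
    return None


if __name__ == "__main__":
    print(reportable_source(SAMPLE, {"clue.denver.co.us"}))
```

On the header from the post, the sending host announced itself as clue.denver.co.us in HELO while the list server recorded proxy-sabata-ejp.powernet.cz [193.109.183.94] as the connecting peer, so the bracketed address is the one to look up.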
