9fans - fans of the OS Plan 9 from Bell Labs
From: David Presotto <presotto@closedmind.org>
To: 9fans@cse.psu.edu
Subject: [9fans] upas/vf
Date: Wed, 24 Sep 2003 05:11:07 -0400
Message-ID: <597fdf052e4773580b161eaf7e169012@plan9.bell-labs.com>

I just updated upas/vf, upas/smtpd, and /sys/lib/mimetypes
to dump any mail that contains file extensions that in
/sys/lib/mimetypes have an 'r' in the 5th field.  At the
moment that includes .exe, .com, .scr, .bat, .com, and
.pif; all of which I saw the virus being spread with.

To use it, you'll need the following two files

1) an updated /rc/bin/service/tcp25

#!/bin/rc
#smtp serv net incalldir user
exec upas/smtpd -m /mail/lib/vfsend -n $3

2) the file /mail/lib/vfsend

#!/bin/rc
rfork s
/bin/upas/vf -r|upas/send $*

If you take out the -r option to vf, it will also wrap any
attachments that have 'n' in the 5th field of mimetypes
with a wrapper that keeps them from accidentally being executed
(its old behaviour).

If you take out the rfork s, the smtpd won't even send an
error return to the other end, it'll just die.  You might
want to do this.  I don't on the off chance that someone
might legitimately send something.

I still have to correct rfc822.y so that it doesn't get
confused by badly formed headers but I have to relearn
yacc error recovery and experiment a bit first.
Luckily, those messages are in the noise.

This is not to turn anyone off to the bayesian stuff.
I just want to catch the cruft earlier and waste as
little of my system as possible, ala Boyd.

Also, the smtpd now has a flag -D that delays response
for 15 seconds on the hope that spammers will go away.
It works some of the time.
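
The filtering policy described in this message, sketched in Python as an added example; it is not part of the original post and is not the upas/vf source. The table layout (suffix first, flag fifth), the sample entries and the sample message are constructed assumptions, and how vf's -r option combines rejecting and wrapping is not modelled.

```python
import email
import os.path
from email import policy

# Constructed table. Assumed layout: five whitespace-separated fields,
# suffix first, policy flag fifth ('r' = dump the mail, 'n' = wrap).
SAMPLE_MIMETYPES = """\
# suffix generic specific encoding flag
.exe application octet-stream - r
.scr application octet-stream - r
.pif application octet-stream - r
.vbs text vbscript - n
.txt text plain - y
"""

# Constructed message: the filename appears only in the Content-Type name=
# parameter, is mixed case, and carries a double extension.
SAMPLE_MESSAGE = (
    b"From: a@example.com\r\nTo: b@example.com\r\n"
    b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
    b'--b1\r\nContent-Type: application/octet-stream; name="Report.PDF.ExE"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n--b1--\r\n"
)

RANK = {"pass": 0, "wrap": 1, "reject": 2}

def load_flags(table):
    """Map lowercase suffix -> fifth-field flag; skip comments and short lines."""
    flags = {}
    for line in table.splitlines():
        fields = line.split()
        if len(fields) >= 5 and not fields[0].startswith("#"):
            flags[fields[0].lower()] = fields[4]
    return flags

def verdict(raw_message, flags):
    """Return the strictest action that any attachment in the message triggers."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    worst = "pass"
    for part in msg.walk():  # walk() descends into nested multiparts
        name = part.get_filename() or ""  # Content-Disposition, then name=
        flag = flags.get(os.path.splitext(name.strip().lower())[1], "")
        action = "reject" if "r" in flag else "wrap" if "n" in flag else "pass"
        worst = max(worst, action, key=RANK.get)
    return worst

if __name__ == "__main__":
    print(verdict(SAMPLE_MESSAGE, load_flags(SAMPLE_MIMETYPES)))
```

Only the last suffix of the filename is matched, so Report.PDF.ExE is treated as .exe while setup.exe.txt is treated as .txt.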

