
Re: Incorporating logging into Russell Nelson's anti-executable patch



On Fri, Jan 30, 2004 at 02:49:33AM -0500, Russell Nelson wrote:
> Adam McKenna writes:
>  > My point is that people who want logging are not necessarily
>  > 'idiots'.  There are many legitimate reasons that someone might
>  > want logging.
> 
> Like what?

I use logging with your patch ;-)
The lines look like:

pd95843f9.dip.t-dialin.net:217.88.67.249 rejected: <pcsupport@xxxxxx> executable content
ipz01.net.globalnet.hr:213.149.46.90 rejected: <steve@xxxxxxxxxx> executable content
dialup40-82.birch.net:216.212.40.82 rejected: <jan@xxxxxxxxxxxxxxxx> executable content
[ ... ]

A script sends me a list of hostnames each day. After a short glance to
not block large mailservers like e.g.
  mail1.bluewin.ch:195.186.1.74 rejected: <john.werner@xxxxxxxxxx> executable content
the list gets fed to our local DNSBL, most addresses with a /24.
If they can't care for their hosts I don't want to talk with them at all
and even save the bandwidth it needs to filter out their viruses.

On the mailservers for our customers I use it non-rejecting. Our
customers receive and send executables *sigh*. But the logging feature
is a good indicator to find virus infected customers. We don't do graphs
or count the bytes saved, but it helps us to improve the quality of
service that we provide to our customers (and to the net by detecting
and blocking infected hosts at our customers).

So a BIG THANKS for writing it.

	\Maex

P.S. Logging also helped me to discover that one post to the ezmlm list
triggered delivery of some thousand (!!!) viruses to the "ezmlm tagged"
address I use for the list.

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"
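
The daily review described in the message above, sketched as an added example (not part of the original post and not the poster's script): it parses rejection lines in the format quoted there, groups hosts by covering /24, and holds back anything matching a reviewer-supplied list of large mail servers. The function names, the `keep_hosts` list and the sample lines are assumptions; the human "short glance" is reduced here to a suffix match.

```python
import ipaddress
import re
from collections import defaultdict

# Line shape quoted in the message: host:ip rejected: <sender> executable content
LINE_RE = re.compile(
    r"^(?P<host>[^\s:]+):(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) rejected: "
    r"<[^>]*> executable content$"
)

def parse_line(line):
    """Return (host, IPv4Address) for a rejection line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        return m.group("host").lower(), ipaddress.IPv4Address(m.group("ip"))
    except ipaddress.AddressValueError:
        return None  # e.g. 999.1.1.1 passes the regex but is not an address

def daily_candidates(lines, keep_hosts=(), prefix=24):
    """Group rejected hosts by covering network; hold back known mail servers."""
    candidates = defaultdict(set)
    held_back = set()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        host, ip = parsed
        # Hypothetical allowlist check standing in for the manual review step
        if any(host == k or host.endswith("." + k) for k in keep_hosts):
            held_back.add(host)
            continue
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        candidates[str(net)].add(host)
    return {n: sorted(h) for n, h in sorted(candidates.items())}, sorted(held_back)

# Constructed sample lines using documentation address ranges (not from the post)
SAMPLE = [
    "dialup-17.example.net:192.0.2.17 rejected: <a@example.org> executable content",
    "dialup-99.example.net:192.0.2.99 rejected: <b@example.org> executable content",
    "mail1.bigisp.example:198.51.100.74 rejected: <c@example.org> executable content",
    "host.example.com:203.0.113.5 delivered: <d@example.org> ok",
    "bad.example.net:999.1.1.1 rejected: <e@example.org> executable content",
]

if __name__ == "__main__":
    nets, held = daily_candidates(SAMPLE, keep_hosts=("bigisp.example",))
    for net, hosts in nets.items():
        print(net, ", ".join(hosts))
    print("held back for review:", ", ".join(held))
```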