From list-managers-owner@greatcircle.com Sun Jul 11 16:16:29 2004 Received: from www-s34d2.ununetworks.com (www-s34d2.ununetworks.com [66.36.228.29]) by mycroft.greatcircle.com (Postfix) with ESMTP id 820FE32C3D5 for ; Sun, 11 Jul 2004 16:16:28 -0700 (PDT) Received: from host81-152-159-113.range81-152.btcentralplus.com ([81.152.159.113]) by www-s34d2.ununetworks.com with asmtp (Exim 4.30; FreeBSD) id 1BjnYb-0003gv-Nq for list-managers@greatcircle.com; Sun, 11 Jul 2004 19:16:29 -0400 Message-ID: <40F1CA5A.6000209@btopenworld.com> Date: Mon, 12 Jul 2004 00:16:42 +0100 From: lee User-Agent: Mozilla Thunderbird 0.6 (Windows/20040502) X-Accept-Language: en MIME-Version: 1.0 To: list-managers@greatcircle.com Subject: (poss offtopic) How to 'not' demime a specific list subscriber References: <40F0A1A7.4080500@btinternet.com> In-Reply-To: <40F0A1A7.4080500@btinternet.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - www-s34d2.ununetworks.com X-AntiAbuse: Original Domain - greatcircle.com X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [26 6] X-AntiAbuse: Sender Address Domain - btopenworld.com X-Archive-Number: 200407/1 X-Sequence-Number: 1782 hello Nick or anyone else, >I've been grappling around through my lack of perl and related >expression understanding and have now reached the point where I have >somehow achieved my recent quest of trying to use the advertising sig >removal to remove old list footers. > >Now, I have to somehow find a way to demime all subscribers of a >specific list except for one WebTV subscriber. I have so far tried to >set the $::EXPAND_MULTIPART_RFC822_SECTION variable to either 0 or 1 but >both are not appropriate. This is because one option removes any reply >that he is referring to, and the other results in full headers appearing >in the demimed mail. > >I've seen a reference to WebTV in the demime file's comments, and I've >also seen the comments I've pasted below relating to setting my sendmail >alias, but I simply can't seem to think of how to set things up so the >WebTV person's mails by-pass demime. I've been thinking of somehow >catching his mails before they reach the standard alias, then maybe use >another mailing list to somehow merge his posts with the other demimed >posts, but am stumped as to how to set my CPanel filters etc to achieve >this without compromising the headers in the main list. A further >possible complication is that he is also subscribed to another list >using his same email address, so I can't consider piping all of his >posts sent to my domain to a single list specific destination. > >In case it helps in any advice you can give, here is the alias line I am >currently using to successfully demime all posts and then pipe to my >mail manager program's cron: > >test@mydomain.com: |/home/cpaneluser/www/demime.pl >"|/home/cpaneluser/www/mailgust/dbcron.pl 11" > >By the way, I don't have unix command line access to my webspace. I use >CPanel. > >many thanks, >Lee > > > >=item target positional parameter: relay|-|>&=d|'|pipe as argument' > >This required option indicates the mailing address that should get the >reformatted message. If you want the message on stdout, use '-' as >the address. The address to send to will not be read from the mail >file, for security reasons. > >You may specify a list of addresses. Simply insure that they are passed >as one token and separated by semicolons. If you use sendmail, an alias >such as: > > realuser: "| demime '-;\realuser;otheruser' | other_program" > >may be useful. It will deliver both to the next program in the pipe and >to the mail file belonging to the real user that you are aliasing. > > > From list-managers-owner@greatcircle.com Wed Jul 14 09:08:16 2004 Received: from yertle.kcilink.com (yertle.kcilink.com [65.205.34.180]) by mycroft.greatcircle.com (Postfix) with ESMTP id C2DB832C218 for ; Wed, 14 Jul 2004 09:08:14 -0700 (PDT) Received: from [192.168.7.103] (host-103.int.kcilink.com [192.168.7.103]) by yertle.kcilink.com (Postfix) with ESMTP id C5201217B6 for ; Wed, 14 Jul 2004 12:08:08 -0400 (EDT) Mime-Version: 1.0 (Apple Message framework v618) Content-Transfer-Encoding: 7bit Message-Id: Content-Type: text/plain; charset=US-ASCII; format=flowed To: list-managers@greatcircle.com From: Vivek Khera Subject: yahoo delays? Date: Wed, 14 Jul 2004 12:08:08 -0400 X-Mailer: Apple Mail (2.618) X-Archive-Number: 200407/2 X-Sequence-Number: 1783 From time to time, I expect major delays from hotmail. Until recently, we've had great luck with yahoo delivery. The last couple of weeks, we have seen a tremendous slowdown in deliveries to yahoo, causing some serious backlogs in our mail queues. Has anyone else been experiencing slow email delivery to yahoo? From list-managers-owner@greatcircle.com Wed Jul 14 11:35:58 2004 Received: from www-s34d2.ununetworks.com (www-s34d2.ununetworks.com [66.36.228.29]) by mycroft.greatcircle.com (Postfix) with ESMTP id 201C432C545 for ; Wed, 14 Jul 2004 11:35:58 -0700 (PDT) Received: from host217-44-180-159.range217-44.btcentralplus.com ([217.44.180.159]) by www-s34d2.ununetworks.com with asmtp (Exim 4.30; FreeBSD) id 1Bkobn-0006f0-73 for list-managers@greatcircle.com; Wed, 14 Jul 2004 14:35:59 -0400 Message-ID: <40F57D0D.9020100@btopenworld.com> Date: Wed, 14 Jul 2004 19:35:57 +0100 From: lee User-Agent: Mozilla Thunderbird 0.6 (Windows/20040502) X-Accept-Language: en MIME-Version: 1.0 To: list-managers@greatcircle.com Subject: Re: yahoo delays? References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - www-s34d2.ununetworks.com X-AntiAbuse: Original Domain - greatcircle.com X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [26 6] X-AntiAbuse: Sender Address Domain - btopenworld.com X-Source: X-Source-Args: X-Source-Dir: X-Archive-Number: 200407/3 X-Sequence-Number: 1784 not recently, but I have done. I guess it depends on which mail server you're using and if they're overloaded due to spam or a worm (for eg) at that time; eg mail.yahoo.com mail.yahoo.co.uk etc lee Vivek Khera wrote: > From time to time, I expect major delays from hotmail. Until > recently, we've had great luck with yahoo delivery. The last couple > of weeks, we have seen a tremendous slowdown in deliveries to yahoo, > causing some serious backlogs in our mail queues. > > Has anyone else been experiencing slow email delivery to yahoo? > > From list-managers-owner@greatcircle.com Mon Jul 19 15:47:32 2004 X-Original-To: list-managers@greatcircle.com Received: from ms-smtp-04.nyroc.rr.com (ms-smtp-04.nyroc.rr.com [24.24.2.58]) by mycroft.greatcircle.com (Postfix) with ESMTP id 9236E32C481 for ; Mon, 19 Jul 2004 15:47:19 -0700 (PDT) Received: from JoelPC (roc-69-201-76-28.rochester.rr.com [69.201.76.28]) by ms-smtp-04.nyroc.rr.com (8.12.10/8.12.10) with ESMTP id i6JMl8t3028203 for ; Mon, 19 Jul 2004 18:47:17 -0400 (EDT) From: "Joel Elias" To: Subject: Blocking Attachments - Majordomo? Date: Mon, 19 Jul 2004 18:47:07 -0400 Message-ID: <002d01c46de2$55189f50$0302a8c0@JoelPC> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.6626 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 Importance: Normal X-Virus-Scanned: Symantec AntiVirus Scan Engine X-Archive-Number: 200407/4 X-Sequence-Number: 1785 I run a Majordomo mailing list for a group of around 160 mostly technically unsophisticated subscribers so I am concerned about propagating viruses via the list. I would like to block or strip attachments sent via the list and would appreciate guidance on how to do so. A Google and Google Groups search turned up little of use and less that made sense to me. Is it possible to block or strip attachments on a Majordomo list while still letting the text/HTML portion of a message to go through? Is there a way to search the archives of this list? I'm sure this question must have come up before but was unable to find a search tool for the archives. Thanks in advance - Joel From list-managers-owner@greatcircle.com Mon Jul 19 15:49:47 2004 X-Original-To: list-managers@greatcircle.com Received: from mail-svr1.cs.utah.edu (brahma.cs.utah.edu [155.99.198.200]) by mycroft.greatcircle.com (Postfix) with ESMTP id F049B32C45E for ; Mon, 19 Jul 2004 15:49:46 -0700 (PDT) Received: from cs.utah.edu (spitfire.cs.utah.edu [155.98.65.165]) by mail-svr1.cs.utah.edu (Postfix) with ESMTP id 4CAB0346F0 for ; Mon, 19 Jul 2004 16:49:46 -0600 (MDT) Message-ID: <40FC500A.5090204@cs.utah.edu> Date: Mon, 19 Jul 2004 16:49:46 -0600 From: "Mark J. Bradakis" Organization: U of U School of Computing User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113 X-Accept-Language: en-us, en MIME-Version: 1.0 To: list-managers@greatcircle.com Subject: Re: Blocking Attachments - Majordomo? References: <002d01c46de2$55189f50$0302a8c0@JoelPC> In-Reply-To: <002d01c46de2$55189f50$0302a8c0@JoelPC> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Archive-Number: 200407/5 X-Sequence-Number: 1786 Google for demime - I use it on about a hundred or so lists. mjb. From list-managers-owner@greatcircle.com Mon Jul 19 19:20:39 2004 X-Original-To: list-managers@greatcircle.com Received: from www-s34d2.ununetworks.com (www-s34d2.ununetworks.com [66.36.228.29]) by mycroft.greatcircle.com (Postfix) with ESMTP id 0963132C4AA for ; Mon, 19 Jul 2004 19:20:38 -0700 (PDT) Received: from host81-152-152-119.range81-152.btcentralplus.com ([81.152.152.119]) by www-s34d2.ununetworks.com with asmtp (Exim 4.30; FreeBSD) id 1BmkFE-000GmA-3W for list-managers@greatcircle.com; Mon, 19 Jul 2004 22:20:40 -0400 Message-ID: <40FC8187.9090309@btopenworld.com> Date: Tue, 20 Jul 2004 03:20:55 +0100 From: lee User-Agent: Mozilla Thunderbird 0.6 (Windows/20040502) X-Accept-Language: en MIME-Version: 1.0 To: list-managers@greatcircle.com Subject: Re: Blocking Attachments - Majordomo? References: <002d01c46de2$55189f50$0302a8c0@JoelPC> <40FC500A.5090204@cs.utah.edu> In-Reply-To: <40FC500A.5090204@cs.utah.edu> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - www-s34d2.ununetworks.com X-AntiAbuse: Original Domain - greatcircle.com X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [26 6] X-AntiAbuse: Sender Address Domain - btopenworld.com X-Source: X-Source-Args: X-Source-Dir: X-Archive-Number: 200407/6 X-Sequence-Number: 1787 Yes Joel, demime can be set to strip away everything and just leave or convert to plain text. I think Nick who wrote demime is a zubscriber on this list, by the way. lee Mark J. Bradakis wrote: > Google for demime - I use it on about a hundred or so lists. > > > mjb. > > > From list-managers-owner@greatcircle.com Tue Jul 20 02:24:31 2004 X-Original-To: list-managers@greatcircle.com Received: from mail-svr1.cs.utah.edu (brahma.cs.utah.edu [155.99.198.200]) by mycroft.greatcircle.com (Postfix) with ESMTP id 39B3532C158 for ; Tue, 20 Jul 2004 02:23:48 -0700 (PDT) Received: from mail-svr2.cs.utah.edu (vishnu.cs.utah.edu [155.99.198.201]) by mail-svr1.cs.utah.edu (Postfix) with ESMTP id 98176346EB for ; Tue, 20 Jul 2004 03:27:41 -0600 (MDT) Received: from cs.utah.edu (42dbca84.dsl.aros.net [66.219.202.132]) by mail-svr2.cs.utah.edu (Postfix) with ESMTP id 5B1313F18D for ; Tue, 20 Jul 2004 03:27:39 -0600 (MDT) Message-ID: <40FCE58A.8010608@cs.utah.edu> Date: Tue, 20 Jul 2004 03:27:38 -0600 From: "Mark J. Bradakis" Organization: School of Computing User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113 X-Accept-Language: en-us, en MIME-Version: 1.0 To: list-managers@greatcircle.com Subject: Re: Blocking Attachments - Majordomo? References: <002d01c46de2$55189f50$0302a8c0@JoelPC> <40FC500A.5090204@cs.utah.edu> In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Archive-Number: 200407/7 X-Sequence-Number: 1788 Demime can be downloaded from http://scifi.squawk.com/demime.html Demime is a filter program that processes messages before handing them off to some other program, such as majordomo. Once installed, it can be called as part of an alias in the MTA definitions. For example, using sendmail, one would change the alias blah: "|/your/path/to/majordomo/wrapper resend -l blah ... into an entry like blah: "|/your/path/to/demime - |/your/path/to/majordomo/wrapper resend -l blah ... mjb. ---- I played a blank CD at max volume for over an hour. Drove the mime next door nuts. From list-managers-owner@greatcircle.com Tue Jul 20 05:34:32 2004 X-Original-To: list-managers@GreatCircle.COM Received: from JL344-GX270.com (jl344-1.cit.cornell.edu [128.253.64.110]) by mycroft.greatcircle.com (Postfix) with SMTP id 350DD32C156 for ; Tue, 20 Jul 2004 05:34:30 -0700 (PDT) Date: Tue, 20 Jul 2004 08:34:48 -0500 To: "List-managers" From: "Chuqui" Subject: Re: Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--------ueuihkdbqeurxxlqqtbk" X-Archive-Number: 200407/8 X-Sequence-Number: 1789 ----------ueuihkdbqeurxxlqqtbk Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: 7bit >Animals

Password:

----------ueuihkdbqeurxxlqqtbk Content-Type: image/gif; name="iujlnewcck.gif" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="iujlnewcck.gif" Content-ID: R0lGODlhQAATAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/ AP//AAAA//8A/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBmAABmMwBmZgBm mQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/ AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPM ADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYA mWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZ AGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/ mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lm AJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wz AMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZ mcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8A AP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9m mf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/Mmf/MzP/M//// AP//M///Zv//mf//zP///yH5BAEAABAALAAAAABAABMAAAj/AP8JHEiwoMGD CBMqXMiwocOHECNKnEixosWIvogRy+hLILWM1AT6m7Yx3sCMG4n9E5cy40WF /nzd+4ePmL+a+P7d85XPH7Fm//IRm2lQGzGTLxHCUyeQWcd/xOBBVfnPZU1/ B+EtS4qQGrGQValq1OnLX8yZ9nwZIzaNIE6uB5kRyydwY92nclkKJPnPZ06B 8KjCJehTqkCXU8neHFqQGNPDhgcPrAk2MdSOa+8WRPxW8sBpPAfCeyoO6FjL A4m9E3hvrmfRgv/1K+s1pDyZQnPKpcn4X2Csr8MWJOmrMuijAvPFU13ZbvDn r1tqZIkSnS+OxFhuxL69JXXo4MOLBB8PNyAAOw== ----------ueuihkdbqeurxxlqqtbk Content-Type: application/octet-stream; name="Garry.zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="Garry.zip" ----------ueuihkdbqeurxxlqqtbk-- From list-managers-owner@greatcircle.com Tue Jul 20 21:42:35 2004 X-Original-To: list-managers@greatcircle.com Received: from parrot.squawk.com (parrot.squawk.com [64.244.111.110]) by mycroft.greatcircle.com (Postfix) with ESMTP id 0BD0E32C2B7 for ; Tue, 20 Jul 2004 21:42:34 -0700 (PDT) Received: from [199.74.151.5] (nscifi.squawk.com [199.74.151.5]) by parrot.squawk.com (Postfix) with ESMTP id 8D54C25B2F8; Wed, 21 Jul 2004 00:42:28 -0400 (EDT) Subject: Re: From: Nick Simicich To: Chuqui Cc: List Managers In-Reply-To: References: Content-Type: text/plain Message-Id: <1090384947.29146.20347.camel@quickdraw.squawk.com> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.5 (1.4.5-7) Date: Wed, 21 Jul 2004 00:42:28 -0400 Content-Transfer-Encoding: 7bit X-Archive-Number: 200407/9 X-Sequence-Number: 1790 On Tue, 2004-07-20 at 09:34, Chuqui wrote: > >Animals > > Password: One of my listserv lists got one of these - and it came from an alias of mine that, literally, had not been used in probably 10 years - it was still an alias that could be used to post to the list. It came from a machine in Vietnam. This almost certainly means that there is a virus out there that is going after list memberships and then getting those responses and forging a posting from one of the addresses it finds that is not shielded and can post to the list. This allows it to bypass the "members only" list posting. The gif is the password - this is used because some of the virus screeners were trying to use every word in the note as a password to unscramble the zip and then, when and if it unscrambled, to then do the signature verification. This is at least partially because people were telling some of their customers that if they really had to send an exe to someone else, to zip it first. This one apparently came from an infected machine at Cornell. Someone said a similar attack was W32Beagle. I have not checked this one. -- Blog: http://majordomo.squawk.com/njs/blog/blogger.html Atom: http://majordomo.squawk.com/njs/blog/atom.xml RSS: http://majordomo.squawk.com/njs/blog/atom.rdf From list-managers-owner@greatcircle.com Wed Jul 21 05:43:16 2004 X-Original-To: list-managers@greatcircle.com Received: from pickering.cc.nd.edu (pickering.cc.nd.edu [129.74.250.225]) by mycroft.greatcircle.com (Postfix) with ESMTP id 1D43432C2E4 for ; Wed, 21 Jul 2004 05:43:12 -0700 (PDT) Received: from [129.74.9.38] (vpn-9-38.vpn.nd.edu [129.74.9.38]) (authenticated bits=0) by pickering.cc.nd.edu (Switch-3.1.6a/Switch-3.1.0) with ESMTP id i6LChAf5012155 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for ; Wed, 21 Jul 2004 07:43:10 -0500 (EST) Message-ID: <40FE64D5.8030405@nd.edu> Date: Wed, 21 Jul 2004 07:43:01 -0500 From: Paul Russell Organization: University of Notre Dame User-Agent: Mozilla Thunderbird 0.7.2 (Windows/20040707) X-Accept-Language: en-us, en MIME-Version: 1.0 To: list-managers@greatcircle.com Subject: Re: Virus posted to list using forged sender address References: <1090384947.29146.20347.camel@quickdraw.squawk.com> In-Reply-To: <1090384947.29146.20347.camel@quickdraw.squawk.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-ND-MTA-Date: Wed, 21 Jul 2004 07:43:12 -0500 (EST) X-ND-Virus-Scan: engine v4.3.20; dat v4379 X-Archive-Number: 200407/10 X-Sequence-Number: 1791 On 7/20/2004 11:42 PM, Nick Simicich wrote: > On Tue, 2004-07-20 at 09:34, Chuqui wrote: > >>>Animals >> >>Password: > > > One of my listserv lists got one of these - and it came from an alias of > mine that, literally, had not been used in probably 10 years - it was > still an alias that could be used to post to the list. ... > Someone said a similar attack was W32Beagle. I have not checked this > one. There have been at least 3 new Bagle variants discovered in the wild in the past week, and we have seen a marked increase in the number of copies of Bagle hitting our central mail servers. We run A/V software and MIMEDefang on our central mail servers, but we also configure new lists to reject messages with attachments. The default configuration for new announcement lists requires confirmation on posting, and some discussion list owners have imposed the same restriction. -- Paul Russell Senior Systems Administrator OIT Messaging Services Team University of Notre Dame