sendmail version that blocks email traffic from Microsoft products ?


Post by Dennis Clark » Wed, 26 Nov 2003 00:58:59



I did a quick scan of my email and found that most of my spam traffic has one
thing in common thus :

X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-Mailer: Microsoft Outlook Express 5.00.2919.6900 DM
X-Mailer: Microsoft Outlook Express 5.00.83498341
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-Mailer: Microsoft Outlook Express 6.00.2462.0000
X-Mailer: Microsoft Outlook Express 6.00.2526.0000
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-Mailer: Microsoft Outlook Express Macintosh Edition - 4.5 (0410)
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-Mailer: Microsoft Outlook, Build 10.0.2616
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft Exchange V6.0.6880.0
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165

So is it possible to easily build a version of sendmail that will reject
inbound traffic that has such an identifier?  I realize that this is not
really a Solaris question but rather an admin question.  I am merely trying to
find a way to stop the flow of spam.  I figure that a build of sendmail that
blocks such traffic would be popular.

Dennis

 
 
 


Post by Neil W Ricker » Wed, 26 Nov 2003 01:52:02



>I did a quick scan of my email and found that most of my spam traffic has one
>thing in common thus :
>X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
>X-Mailer: Microsoft Outlook Express 5.00.2615.200
>X-Mailer: Microsoft Outlook Express 5.00.2919.6700
>X-Mailer: Microsoft Outlook Express 5.00.2919.6900 DM
>X-Mailer: Microsoft Outlook Express 5.00.83498341
>X-Mailer: Microsoft Outlook Express 5.50.4807.1700
>X-Mailer: Microsoft Outlook Express 6.00.2462.0000
>X-Mailer: Microsoft Outlook Express 6.00.2526.0000
>X-Mailer: Microsoft Outlook Express 6.00.2600.0000
>X-Mailer: Microsoft Outlook Express 6.00.2720.3000
>X-Mailer: Microsoft Outlook Express 6.00.2800.1158
>X-Mailer: Microsoft Outlook Express Macintosh Edition - 4.5 (0410)
>X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
>X-Mailer: Microsoft Outlook, Build 10.0.2616
>X-Mailer: Microsoft Outlook, Build 10.0.2627
>X-MimeOLE: Produced By Microsoft Exchange V6.0.6880.0
>X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165

You should be able to block those with header check rulesets.

(Whether that is a good idea, is a different question).

 
 
 


Post by Rich Tee » Wed, 26 Nov 2003 03:56:15



> I did a quick scan of my email and found that most of my spam traffic has one
> thing in common thus :

> X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
> X-Mailer: Microsoft Outlook Express 5.00.2615.200
> X-Mailer: Microsoft Outlook Express 5.00.2919.6700
> X-Mailer: Microsoft Outlook Express 5.00.2919.6900 DM
> X-Mailer: Microsoft Outlook Express 5.00.83498341
> X-Mailer: Microsoft Outlook Express 5.50.4807.1700
> X-Mailer: Microsoft Outlook Express 6.00.2462.0000
> X-Mailer: Microsoft Outlook Express 6.00.2526.0000
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> X-Mailer: Microsoft Outlook Express 6.00.2720.3000
> X-Mailer: Microsoft Outlook Express 6.00.2800.1158
> X-Mailer: Microsoft Outlook Express Macintosh Edition - 4.5 (0410)
> X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
> X-Mailer: Microsoft Outlook, Build 10.0.2616
> X-Mailer: Microsoft Outlook, Build 10.0.2627
> X-MimeOLE: Produced By Microsoft Exchange V6.0.6880.0
> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165

> So is it possible to easily build a version of sendmail that will reject
> inbound traffic that has such an identifier?  I realize that this is not
> really a Solaris question but rather an admin question.  I am merely trying to
> find a way to stop the flow of spam.  I figure that a build of sendmail that
> blocks such traffic would be popular.

In principle it's doable (perhaps even quite easily, using
header check rule sets).  The only gotcha is that you'll
also get a lot of positives, given the uneducated masses'
propensity for using these broken email clients in the
first place...

--
Rich Teer, SCNA, SCSA

President,
Rite Online Inc.

Voice: +1 (250) 979-1638
URL: http://www.rite-online.net
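
An added example, not part of any post in this thread: before enabling a header check like the one discussed above, replay it over mail that has already been classified and count how much legitimate mail it would reject. The patterns are derived from the header values quoted in the thread; the function names, labels, addresses and non-Microsoft mailer strings are constructed for illustration.

```python
import re
from email import message_from_string

# Patterns for the client-identifying headers quoted in the thread.
RULES = {
    "X-Mailer": re.compile(r"^Microsoft Outlook\b", re.I),
    "X-MimeOLE": re.compile(r"^Produced By Microsoft (MimeOLE|Exchange)\b", re.I),
}

def would_reject(raw):
    """Return the name of the header that trips the rule, or None."""
    msg = message_from_string(raw)
    for name, pattern in RULES.items():
        # Header lookup is case-insensitive, so X-MIMEOLE and X-MimeOLE both match.
        for value in msg.get_all(name, []):
            if pattern.search(value.strip()):
                return name
    return None

def audit(labelled):
    """Tally rule outcomes over (label, raw_message) pairs."""
    counts = {"spam": {"blocked": 0, "passed": 0},
              "ham": {"blocked": 0, "passed": 0}}
    for label, raw in labelled:
        outcome = "blocked" if would_reject(raw) else "passed"
        counts[label][outcome] += 1
    return counts

def make_message(sender, *headers):
    """Build a minimal RFC 822-style message for the constructed corpus."""
    lines = [f"From: {sender}", "Subject: test"] + list(headers)
    return "\n".join(lines) + "\n\nbody\n"

# Constructed sample corpus: labels, senders and the non-Microsoft mailer
# strings are made up; the Microsoft header values are copied from the thread.
SAMPLES = [
    ("spam", make_message("a@example.net", "X-Mailer: Microsoft Outlook Express 6.00.2800.1158")),
    ("spam", make_message("b@example.net", "X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106")),
    ("spam", make_message("c@example.net", "X-Mailer: ExampleBulkMailer 1.0")),
    ("ham", make_message("d@example.org", "X-Mailer: Microsoft Outlook, Build 10.0.2627")),
    ("ham", make_message("e@example.org", "User-Agent: ExampleClient/1.0")),
]

if __name__ == "__main__":
    for label, outcomes in audit(SAMPLES).items():
        print(label, outcomes)
```

The "ham blocked" count is the legitimate mail the rule would bounce, and the "spam passed" count is mail the rule never sees because it carries no such header.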

 
 
 


Post by Dennis Clark » Wed, 26 Nov 2003 06:45:01


> In principle it's doable (perhaps even quite easily, using
> header check rule sets).  The only gotcha is that you'll
> also get a lot of positives, given the uneducated masses'
> propensity for using these broken email clients in the
> first place...

yeah .. but, no one I CARE to hear from uses a Microsoft email client.

So in my case, it would work wonderfully.

I also presume that it would be possible to fire a * email back at the
positive matches along the lines of :

  "You have been found to be running software that propagates virus
   traffic and spam. Your email has been rejected.  Please use a real
   email client.  The real world suggests Netscape, Evolution, ... "

Dennis

 
 
 


Post by Thomas H Jones I » Sun, 07 Dec 2003 10:46:08





>I did a quick scan of my email and found that most of my spam traffic has one
>thing in common thus :

> [DELETED for space]

>So is it possible to easily build a version of sendmail that will reject
>inbound traffic that has such an identifier?  I realize that this is not
>really a Solaris question but rather an admin question.  I am merely trying to
>find a way to stop the flow of spam.  I figure that a build of sendmail that
>blocks such traffic would be popular.

If you have your sendmail compiled with MILTER support, then you can use
MIMEDefang and SpamAssassin. MIMEDefang is a milter that calls other mail
analyzers such as SpamAssassin (and anti-virus scanners, etc.).

I use it (and SpamAssassin and a few other plug-ins) to great effect. After
installing MIMEDefang w/ SpamAssassin, I went from almost 2,000 SPAMs a week
down to less than 100. Of that number, my Thunderbird takes care of all but
a few per day.

-tom

 
 
 
