[Esd-l] anti-NovArg rules
John D. Hardin
jhardin at impsec.org
Sat Feb 7 19:30:46 PST 2004
On 7 Feb 2004, Dan Riley wrote:
> "John D. Hardin" <jhardin at impsec.org> writes:
> > (particularly anybody being hammered by NovArg)
>
> Which reminds me--it was noted on nanog that NovArg has X-Priority and
> X-MSMail-Priority headers but not X-Mailer or X-MimeOLE, and just
> about the only other mail to share that property is spam. This seems
> to work pretty well, and no false positives here so far:
Does that also trap bounced novarg attack messages?
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
56 days until the Slovakian Presidential Election
More information about the esd-l
mailing list