Author Topic: crazy security  (Read 603 times)

caveman_piet

  • Member
  • **
  • Posts: 52
  • Kudos: 0
    • http://www.pexy.co.za
crazy security
« on: 1 November 2002, 03:19 »
Beginning of the week I found my e-mails intercepted by the ISP. :(  

ANY attachment with a password protected zip/gzip
file was not forwarded with a message to the effect
that password encrypted files MAY contain a virus
and are therefore not allowed through. :confused:  

After phoning and bitching something terrible they
changed this, and now they interrogate the zip files: password-protected ones are let through,
but ANY "unprotected" zip file that contains an
"exe/cmd/bat etc." file
is now stopped because it MAY contain a virus.
(Even if I change the extension to "txt" - which
means they are interrogating the contents of the
file. :mad:  )

I phoned and bitched all the way up to the CEO,
and they all gave me the same story....
"That is how hackers and virii gets into the machine." - even AFTER telling them my systems are
either Linux or Unix and that zip files are my
problem - they won't bloody listen.
So after saying I'll see them in court as they are
NOT allowed to interrogate ANY of my files...
They now changed all my company e-mails to a
"non-secure" e-mail server.

They still refuse to allow mail through with exe or
scripts attached.

Now this seems to be a new trick by the ISPs.
Anybody have the same someplace else?
Microsoft apparently thinks that R&D stands for 'Rewrap & Disguise'.

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
crazy security
« Reply #1 on: 1 November 2002, 03:48 »
Actually I have all of my mail servers set up similarly, in fact in even more of a nazi way in that I don't look through the files. If they match a certain extension I just reject them indiscriminately from coming into my server.

As far as I'm concerned email is in no way meant to transfer *.exe, *.com, *.bat, *.scr, etc, etc. There are many ways to transfer such files. They can be made available by the sender and a message sent out to those that they wish to receive such files to come and get them via ftp or browser. But they should not be "pushed" on people.

I find that 99.9% of *.com, *.exe, *.bat, *.scr messages that are rejected are in fact viruses. I do not manage a large ISP so my users actually like this protection. They know how to get around it if they need to but it prevents them from getting viruses. I would say if you don't like it, find a different mail server or run your own.

[ October 31, 2002: Message edited by: void main ]

Someone please remove this account. Thanks...
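
The two filtering policies described in the posts above (reject by attachment extension; let encrypted zips through but inspect readable ones, catching an executable renamed to ".txt") can be sketched as follows. This is an added example, not code from either poster or the ISP; the function names and the constructed sample archives are assumptions, and the content check only recognises the "MZ" header of DOS/Windows executables.

```python
import io
import zipfile

# Extensions named in the thread; a real deployment would maintain its own list.
BLOCKED_EXT = (".exe", ".com", ".bat", ".cmd", ".scr")

def zip_verdict(blob: bytes) -> str:
    """Encrypted zips pass uninspected; readable ones are checked member by member."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return "reject: unreadable zip"
    members = zf.infolist()
    if any(m.flag_bits & 0x1 for m in members):   # bit 0: member is encrypted
        return "pass: encrypted, contents not inspectable"
    for m in members:
        if m.filename.lower().endswith(BLOCKED_EXT):
            return f"reject: {m.filename} (extension)"
        with zf.open(m) as fh:                    # read 2 bytes, never the whole member
            if fh.read(2) == b"MZ":               # DOS/Windows executable magic
                return f"reject: {m.filename} (MZ header)"
    return "pass"

def attachment_verdict(filename: str, data: bytes) -> str:
    """Extension blocking on the attachment itself, then zip inspection."""
    if filename.lower().endswith(BLOCKED_EXT):
        return f"reject: {filename} (extension)"
    if data[:4] == b"PK\x03\x04":                 # zip local-file-header magic
        return zip_verdict(data)
    return "pass"

def make_zip(members: dict, encrypted: bool = False) -> bytes:
    """Constructed sample input. zipfile cannot write encrypted archives, so the
    'encrypted' flag bit is set by hand in the central directory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[raw.index(b"PK\x01\x02") + 8] |= 0x1
    return bytes(raw)

if __name__ == "__main__":
    exe = b"MZ constructed stand-in, not a real program"
    for z in (make_zip({"update.txt": exe}), make_zip({"update.txt": exe}, encrypted=True)):
        print(attachment_verdict("update.zip", z))
```

Scripts such as .bat or .cmd have no magic bytes, so once renamed inside an archive they are only caught by the extension check, not by the header check.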

caveman_piet

« Reply #2 on: 1 November 2002, 04:08 »
Don't understand me wrong -
I agree 100% if they refuse to forward any
"exe,bat,cmd etc" files when they are attached.

My gripe is - if they are inside a zip/gzip file.
That should be my problem. If they start
interrogating the zip files -
a) I have to change / inform everybody to
  make some other plan - eg. pwd protect all files.
 (a lot of my clients are farmers - and they
 can't even spell "black box" - never mind
 confusing them with alternate ways of getting
 data.)
b) If I start using pgp with everything I send -
  when will they refuse to forward those as they
  might have a virus inside?
c) We send a lot of small updates and once off
  programs this way - as well as .so and .dll
  files. They gonna stop these as well?

Actually I'm just pissed off at them looking inside
my zip files. (And I use these 'cause I know if
the file arrived intact or not!)

Oh and as for a.n.other ISP - that is now
already in the pipe line.

Edit:

In actual fact - installing my own server might
be a better solution.

[ October 31, 2002: Message edited by: caveman ]


voidmain

« Reply #3 on: 1 November 2002, 04:17 »
I actually don't block ZIP files as I have not heard of a virus infecting an EXE, zipping it up then forwarding it to everyone in the address book. But that doesn't mean it can't happen. I would imagine that there are a lot more people on the ISP's ass to protect them than people like you. But that doesn't help your cause. Another question, what good is it to send a file when some of your customers may also have this blocking on their ISP?

My solution is for you to put the files that you want your customers to get on a web server. Then email them with the link to the file. This will not clog up their email and they can download it at their convenience. If you are receiving files you could set up an FTP server with an ID/password, send the URL (with the ID/password embedded in the URL) so it will open up a window that they can copy their file into (and place it on the FTP server). Or just give them a short list of instructions on how to FTP the file to the server. I know that may be a little less convenient but it's better netiquette in my opinion.

caveman_piet

« Reply #4 on: 1 November 2002, 04:28 »
We actually started something similar about
a year ago - ie. sending them a URL with the
data embedded and using that to get hold of
the files.

Somehow we couldn't get it to work properly
and to our satisfaction and it got sidelined.
Oh and far too many of the clients are still
using Windows '95 - which is a headache all
on its own!

Will have to revive that project again I assume.  :D

voidmain

« Reply #5 on: 1 November 2002, 04:33 »
Or you could put out your own mail server and not block attachments. I would offer you a mail account on my server but I guess that wouldn't help you out either since I also block.

caveman_piet

« Reply #6 on: 1 November 2002, 04:37 »
heh heh

Tx for the offer

but Tuxville, USA is a bit far from Midrand RSA.  :D

Had a nice problem today on another SMTP server...
some nice guy (read #@$# fool) got it blacklisted.

First to figure out what the problem was and now
to get it out of the blacklist ;)

voidmain

« Reply #7 on: 1 November 2002, 04:40 »
Yes, I also use RBL/ORDB on my servers as well as block any other spam addresses that I get. People will get on the black list if they allow open relay. It has caused me some trouble in the past but fixing up the server of the offending party and getting them removed from RBL is a small price to pay to help in the fight with SPAM.

caveman_piet

« Reply #8 on: 1 November 2002, 04:46 »
ya. I agree - finding the problem was half the
fun - sorting it out - setting the configs
on the server etc. the rest.

Now off to bed - have to get ready to fly off
to the UK tonight.
Here it's 02h45 in the morning - and I have to
pick up the passport by 8.

g'night

voidmain

« Reply #9 on: 1 November 2002, 04:58 »
Hey, you just gave me an idea. It wouldn't be all that hard to modify sendmail milter to only scan/reject messages for those users who wish to have that functionality. It could check a file for a "userid/value". A CGI web program could be written that would allow the users to log in/configure their setting. Maybe I'll start work on that tonight.
Someone please remove this account. Thanks...
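
The per-user opt-in idea from the last post, reduced to its decision logic, as an added example that is not the poster's milter. The "userid/on" and "userid/off" file format, the function names and the sample addresses are assumptions; the real filter would call this after scanning the message.

```python
# Constructed sample preference file in the assumed "userid/value" format.
SAMPLE_PREFS = """\
# userid/value, value is on or off
piet/off
farmer1/on
"""

def load_prefs(text: str) -> dict:
    """Parse 'userid/value' lines into {userid: filtering_enabled}."""
    prefs = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        user, sep, value = line.partition("/")
        value = value.strip().lower()
        if not sep or value not in ("on", "off"):
            raise ValueError(f"line {lineno}: expected userid/on or userid/off")
        prefs[user.strip().lower()] = (value == "on")
    return prefs

def wants_filtering(rcpt: str, prefs: dict, default: bool = True) -> bool:
    """Users missing from the file get the default; filtering stays on for them."""
    local = rcpt.strip("<>").split("@", 1)[0].lower()
    return prefs.get(local, default)

def decide(recipients, prefs, attachment_blocked: bool) -> dict:
    """Decision for one message after its attachments were scanned.
    SMTP gives a single reply for the whole message, so a message addressed to
    both kinds of user cannot be rejected outright: it is accepted and
    delivered only to the recipients who opted out of filtering."""
    if not attachment_blocked:
        return {"action": "accept", "deliver_to": list(recipients)}
    keep = [r for r in recipients if not wants_filtering(r, prefs)]
    if not keep:
        return {"action": "reject", "deliver_to": []}
    return {"action": "accept", "deliver_to": keep}

if __name__ == "__main__":
    prefs = load_prefs(SAMPLE_PREFS)
    print(decide(["piet@example.org", "farmer1@example.org"], prefs, True))
```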