Getting around MyDoom filter?


#1

Now that DH has “implemented an email check for ALL incoming mail” for mydoom, I’m having a hard time sending emails. These are mainly emails with attachments that are either folders or .zip. I tried changing the subject and body of the email, I still got a response from the server telling me I’m trying to send the mydoom virus.

I understand the need for filtering, but the fact that I can’t send emails is worse than getting a virus. I’ve contacted tech support, but not yet heard back. What I would like to know is:

  1. how I can send an email and not get stuck with such errors
    or
  2. turn off the filter for my domain - the only machines that send email are Macs, so there’s no chance of someone on this domain getting the virus and sending it via DH.

Thank you.


#2

As we indicated in the announcement, the checks we performed may block some (not all) emails with .zip attachments (you might try using a different mail client and see if that helps - I didn’t have any problems sending a .zip file to myself from mutt when I tested it). Also, this is a temporary measure… we simply can’t handle the volume of support requests that the virus generates, nor can our servers easily handle that number of inbound smtp processes happily. I wasn’t happy to implement this check without having a regular expression that was more precise, but we ultimately made the decision that it was necessary.

There’s no way to exempt users or domains from this filter. However, it will be removed pretty soon.

To get around it in the meantime, you’d need to use your ISP’s SMTP server (if possible), see if sending via webmail or Pine works, or try resending.


#3

thanks. I would use webmail but it’s unbearably slow (always has been). Tried my ISP’s SMTP server but it wouldn’t let me relay, even though it was authenticated.

I tried resending, editing the email, attaching the file differently… about a couple dozen times, still no go.

I received close to 3000 emails on my DH account before you guys implemented the filter, now I only get about 30-40/day (though my email client catches all those…) Haven’t received the virus in a while - just the bounces. Frankly, ISPs who send autoresponders to the spoofed from address in the emails should be banned from ever using anything but a 1200 baud modem and lynx. Everyone knows the “from” address is spoofed, why spam those people?

Anyway… guess I’ll just grin and bear it for the time being.


#4

[quote]thanks. I would use webmail but it’s unbearably slow (always has been).

[/quote]

Sometimes it’s bad, but shouldn’t be so bad you can’t use it to send a single email, should it?

You could also login via Pine and send it from there.

[quote]Tried my ISP’s SMTP server but it wouldn’t let me relay, even though it was authenticated.

[/quote]

Does it work if you disable authentication entirely?

[quote]I tried resending, editing the email, attaching the file differently…

[/quote]

What if you send the file uncompressed, or use a different compression algorithm (gzip it maybe?)


#5

[quote]Sometimes it’s bad, but shouldn’t be so bad you can’t use it to send a single email, should it?

[/quote]

Usually takes 3+ minutes to get a listing of my inbox - but I use IMAP and currently have 69MB of email (since Dec 1) so I’ve always figured that’s why it was so slow

[quote]Does it work if you disable authentication entirely?

[/quote]

Tried it that way first, still no go.

[quote]What if you send the file uncompressed, or use a different compression algorithm (gzip it maybe?)

[/quote]

Uncompressed didn’t work either. I ended up making it a .sit and that did it, but then the person on the other end had to download stuffit expander.


#6

[quote]Usually takes 3+ minutes to get a listing of my inbox

[/quote]

Does it show the “compose” button while you’re waiting for the inbox to load? You could probably just click on the compose link without waiting for the inbox to load.

Is all 69 Mb in your inbox? You might try rotating your inbox to an archive folder… this will probably improve IMAP performance (and make our servers happier at the same time).

I don’t love webmail, but I’ve found that it usually loads relatively quickly for me.

(/me mutters something about email packrats)


#7

sometimes the nav frame loads first, sometimes it doesn’t.

All 69MB is in my inbox. I archive my email that’s older than four months. I often travel and need access to my email that’s synced between my machines. Using POP and keeping messages on the server doesn’t work very well.

Keeping that much email in my inbox saves me a lot of time. I would split it off into other mailboxes, still being on the server and not archived locally, but I haven’t had good experiences with that actually working.

On all my other accounts, I don’t archive anything. Just this one is very important. It has saved my butt, or a client’s butt, more than a few times.


#8

What doesn’t work exactly? I’m not disputing your assertion - just curious. If you move it to a different folder (or different folders), you should still be able to access it via any IMAP client or via webmail.

You may also want to check how you have webmail set to sort stuff - I don’t think it defaults to a threaded view, but sorting by threads will slow things down somewhat.


#9

If I use my email client to create the sub folders off of the inbox, they don’t show up in webmail. If I use mailboxes.mydomain.com, the emails seem to just get deleted rather than archived.


#10

I thought this might be the problem.

You just need to subscribe to them in webmail under the “Folders” menu.


#11

ahhhh, I’ll give that a try. thanks much.

I just got a response from tech support too. I told them almost exactly what I said here…

[quote]You can use your ISP’s outgoing server instead of your domain.[/quote]

Considering it’s been a known fact for years that several major ISPs (and the list is growing) do not allow this, it seems a little irresponsible to provide an answer which could only worsen the situation (and not even hinting to that).

[quote]We’re using a Symantec virus that will automatically expire - please check their site for more info.[/quote]

Well, if you’re using a Symantec virus, how about NOT using a virus at all so I can send my email?

I’m guessing she’s hinting that since the virus quits on the 12th, you’ll be turning off the filters. I hope you don’t have to turn them back on for Doomjuice.


#12

What ISPs don’t provide outgoing mail servers for their customers? Many block port 25 outbound, but this would have the opposite effect (you’d have to use their server for outgoing mail, or else connect to our mail servers on port 587). I know of one ISP that doesn’t allow customers to send mail out with a domain other than that ISP’s domain (I think it’s Verizon), but other than that, using the ISP’s mail server for outbound mail is probably preferable to using ours (unless the ISP provides really poor quality service).

I was very reluctant about putting these checks in place for a number of reasons… but the bottom line is that a LOT more people are bothered by the viruses than are bothered by sometimes having problems sending .zip attachments… As soon as we’re safely able to remove this block, we will do so. If we find a regexp which is effective and blocks less legitimate mail, we will implement that. As mentioned elsewhere, we are looking into more effective long-term solutions.


#13

[quote]What ISPs don’t provide outgoing mail servers for their customers?

[/quote]

Well, I just wanted to comment on this one a little bit, give you a European view :slight_smile:

Many cellular operators provide Internet service for cellular phones but do not provide any other services. For example: I have a GPRS service from my operator so I can access the web resources with cellular phone’s own xHTML capable browser or built-in Opera browser. I am able to use built-in email client to access email server but there are no incoming/outgoing email servers available for users.

So, what am I doing while I am on the road? I browse the web sites using one of the built-in browsers and access my email using the built-in client (configured to use our domain’s resources).

Yes, I know … SMTP is not using SSL so I am basically taking some unnecessary risks here …

Just wanted to point out that there is a certain type of “ISP”, which does not provide outgoing mail servers while providing basic IP traffic possibility. Well, I guess I would not call my cellular operator an ISP in this case but I could not invent a better term.

  • miikka

#14

Earthlink is another that does that. Many free ISPs also don’t supply outgoing SMTP.

Comcast doesn’t allow the use of their mail servers outside of their network (I often dialup while traveling, using my cell phone).

T-Mobile’s hotspots also don’t do SMTP. Starwood hotels with broadband also don’t offer SMTP. Same goes with every airport I’ve tried. Sprint PCS also doesn’t offer SMTP service.

There may have been some recent changes, but for years it was against AOL’s EULA to use them for outgoing SMTP for anything other than the AOL domain. With the recent Virginia spam law, using the hack some used to get around that, could land you in jail for many years. (Now the Fed law negates that, but that in itself challenges state sovereignty…)

If DH blocking email is a default, that’s fine with me. I would like an option to turn that off, however.


#15

It’s not a “default” exactly - it was an emergency measure (which we announced, and which has been removed as of this morning). As I’ve said before, we were aware of the problems doing this would cause, and decided that the benefits outweighed the problems which would likely come up.

It’s not currently possible (with our setup) to selectively block mail based on header or body checks - the block applies to all incoming and outgoing mail. If you want a particular address to be exempt from certain other UBE checks (specifically the DNSBL ones), this is possible by contacting support (though I wouldn’t recommend it in most cases).


#16

Hi Will,

As always, thanks for the reply :slight_smile:

I was thinking of this when I mentioned “default”:

I totally understand that the benefits of having such a filter was the best for the majority of your customers. I’ve used DH since 1997 and been very happy with you all. At this point, I’ve referred enough people that I actually make money off of being a DH customer. Even through all that, having to worry that I might not be able to email a client a file is a huge issue for me. I don’t care if I get every Windows virus known to man, plus some new ones for which there are no patches… other than having to DL them, it won’t affect me.

As I mentioned before, I received close to 3000 emails on my DH account before you guys implemented the filter. That said, I would rather have to filter those messages myself than risk losing an email from a client.

I do have one address I would like to have receive all email. I will think about that if this situation arises again. Thank you for your time and help.


#17

here’s a perfect example of why I don’t want my email filtered - I just got this email from a client. Had filtering been on, I probably wouldn’t have been able to save him:

[quote]Sounds like we could use this what do you think? [client]

-----Original Message-----
From: support@[client’s domain].com
Date: Wed, 03 Mar 2004 21:56:38
To:[client]@[client’s domain].com
Subject: Notify about using the e-mail account.

Hello user of [client’s domain].com e-mail server,

Our antivirus software has detected a large ammount of viruses outgoing
from your email account, you may use our free anti-virus tool to clean up
your computer software.

For more information see the attached file.

Sincerely,
The [client’s domain].com team http://www.[client’s domain].com

Sent via BlackBerry (attachment Message.pif)[/quote]
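
The staff replies in this thread describe a header/body regexp that also caught legitimate .zip mail, and the message quoted in #17 carries a .pif attachment. As an added illustration (not DreamHost's filter and not code from the thread), here is a check that parses the MIME structure and looks only at attachment names and zip member names; the extension list, the reject-unreadable-archive choice, the function names and the sample messages are assumptions constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions a Windows mail client would run directly.
RISKY_EXT = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd"}

def _risky(name):
    """True if the name ends in a RISKY_EXT extension (trailing dots/spaces ignored)."""
    name = (name or "").strip().lower().rstrip(". ")
    return any(name.endswith(ext) for ext in RISKY_EXT)

def inspect_message(raw):
    """Return a list of reasons to reject; an empty list means deliver."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if _risky(fname):
            reasons.append(f"attachment {fname}")
        elif fname.lower().endswith(".zip"):
            data = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    members = zf.namelist()
            except zipfile.BadZipFile:
                # Assumption: an archive we cannot list is rejected, not passed.
                reasons.append(f"unreadable archive {fname}")
                continue
            reasons += [f"{fname} contains {m}" for m in members if _risky(m)]
    return reasons

def make_zip(member_names):
    """Build an in-memory zip whose members hold placeholder text only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in member_names:
            zf.writestr(n, "placeholder")
    return buf.getvalue()

def build_sample(filename, payload):
    """Constructed test message with one attachment (no real malware bytes)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "files"
    m.set_content("see attachment")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

A zip of ordinary documents passes this check, while a bare `Message.pif` or a zip holding a double-extension member is rejected with a reason that can be logged or returned in the bounce.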