and the content. Also CPU utulization grows non-linearly. What we do now is check source of the smtp connection, compare that ip against a couple of RBL lists, then either reject the connection or continue with the transaction.
The upside is that I do not constantly need to tinker with our scripts, we see a massive reduction in bandwidth utilization (the messages are rejected before any
data is transmitted), and the sender gets a bounceback that aids in thecorrection of a false positive. I know I am getting tired of email black holes
(the U of C was getting bad for this about 2 years ago). I save content filtering for mail sorting once mail is accepted (sieve is awesome btw).There are of course other perspectives but this approach seems to me to strike a
reasonable balance between facilitating communication (which is what email is supposed to used for) and removing unwanted messages. If interested I can give you a list of currently used RBLs. --No trees were harmed in the transmission of this message, however a large number
of electrons were seriously inconvenienced. Quoting Tek Budda <[EMAIL PROTECTED]>:
Tek Budda wrote:Hope someone can help.We use a modified version of the inflex script for doing our mail filtering. This was established by my old boss and was working very well. But lately we have been getting a lot more spam and I want to be able to add items to it to stop the flow of crap coming into inboxes.Problem being is that my old boss forgot to show me how to add stuff to it. I have tried googling a bit and have checked the project page, but I am just not sure if I am looking at the right thing.I am fine with this part: # How do I add more file types to block?Around line 306 of the /usr/local/inflex/inflex script. You will notice there are lines which look like (note, filename scanning starts at ~325):${cut} -d: -f2 ${tmpdir}/fileresults | ${grep} "MS-DOS executable" >> ${typebadfileslog} ${cut} -d: -f2 ${tmpdir}/fileresults | ${grep} "PC bitmap data" gt;gt; ${typebadfileslog} ${cut} -d: -f2 ${tmpdir}/fileresults | ${grep} "AVI" gt;gt; ${typebadfileslog}The file type descriptor (ie "AVI", "MPEG") is from the /etc/magic file. Just add another ${grep} line to the end of the current list, with the new /etc/magic tag type you're trying to block.# Can I search for text strings in messages?This is what I am not sure about. I am wanting to filter on the subject messages if at all possible because we are getting al lot of the same spams. Around line 343 of the /usr/local/inflex/inflex script you'll see the entries required for scanning for text in your files. NOTE that I'm using grep -ri, this is for [R]ecursive and case[I]nsensitive scanning. You can change this as you wish.#grep -ri "Kill the boss" ${tmpdir}/* gt;gt; ${textbadfileslog} grep -ri "> > > >" ${unpackdir}/* gt;gt; ${textbadfileslog}I will continue digging aorund and mulling through the script as well to find some hints, but if anyone has any ideas or suggestions please let me know.I may have found the answer to my own question but would still welcome any comments or suggestions._______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
--------------------------------------------------- This message was sent using Echostar Secure Webmail
pgpr22b3q19vd.pgp
Description: PGP Digital Signature
_______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
