On Monday, 25 August 2003 22:20, Buchan Milne wrote:
> Keld Jørn Simonsen wrote:
> > How can you stop the virus flooding in cooker?
> >
> > I would like to just stop all mail with some selected
> > set of attachments like .pif and .exe - how is this doable, and is it
> > standard in the MTA?
>
> With header checks enabled in postfix (ie "header_checks =
> regexp:/etc/postfix/header_checks" in main.cf), something like this in
> the header checks file (in this case /etc/postfix/header_checks) should
> work (minimally tested, we had something similar in production, but this
> was fished off /. today):
>
> /^Content-(Type|Disposition):.*(file)?name=.*\.(asd|bat|chm|cmd|dll|exe|hlp|hta|jse|lnk|ocx|pif|scr|shb|shm|shs|vb|vbe|vbs|vbx|vxd|wsf|wsh)/ REJECT Sorry, we do not accept .${3} file types.
> (all on one line)

With postfix this is not header_checks but mime_header_checks.

>
> > Would be nice to announce 9.2 with the ability to just ignore virus like
> > this.
> >
> > And the MTA should not send any messages back when this is done, as the
> > sender most likely is not the real sender.
>
> This just gives an SMTP error message, which may result in the sending
> SMTP client to return the mail. But it's not good practice to return a
> good return code when not delivering mail, our users will ask why they
> send mail and it never arrives ...
>
> > And please, no mail to the root on the current mail system.
> > I had a system with 500 MB for /var but it was filled up in
> > less than a day with error messages on Sobig.F to root.
>
> You should alias root to a real user, since postfix refuses to use
> procmail when delivering as root, and the default procmail setup will
> reject mail once 50MB is reached on the mail spool.

Btw: why does Mandrake use procmail for local delivery? Most users don't use 
procmail (it is much too difficult to set up) and those who want to can use 
the .forward file. There is no need to start a second program to deliver.

>
> > Could the standard MTA be set up to do something reasonable defaults
> > in 9.2?
>
> IMHO, intrusive defaults (like a default header check) should only be
> done if there is a config tool which can modify them.

And, like the chroot stuff, there are many users who will be lost, if they do 
a little change and nothing is working any more. And the body_* and header_ 
check stuff can not be bypassed.

>
> Regards,
> Buchan
>
> (waiting for drakmailserver)

Martin
-- 
------------------------------------------------------------
H E L I X Gesellschaft für Software & Engineering mbH
------------------------------------------------------------
Hanauer Landstrasse 52              Telefon (069) 4789 35-30
D-60314 Frankfurt am Main           Telefax (069) 4789 35-44
------------------------------------------------------------
http://www.helix-gmbh.net                [EMAIL PROTECTED]
------------------------------------------------------------
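
Added example, not part of the original thread: a small Python harness that runs the quoted attachment rule over constructed MIME header lines to show what it rejects, including a false positive caused by the unanchored extension match. ANCHORED_RULE is a hypothetical tightened variant, and Python's re module is assumed to stand in for Postfix's regexp table (case-insensitive by default, matched against the unfolded header).

```python
import re

# Extension list and pattern as quoted in the thread (joined onto one line).
EXTS = ("asd|bat|chm|cmd|dll|exe|hlp|hta|jse|lnk|ocx|pif|scr|shb|shm|shs|"
        "vb|vbe|vbs|vbx|vxd|wsf|wsh")
THREAD_RULE = r"^Content-(Type|Disposition):.*(file)?name=.*\.(" + EXTS + ")"

# Hypothetical tightened variant (not from the thread): the extension must end
# the parameter value, i.e. be followed by an optional quote and then either
# ';' or the end of the header.
ANCHORED_RULE = THREAD_RULE + r'"?[ \t]*(;|$)'


def check(rule, header):
    """Return the REJECT text for a header line, or None if it passes.

    Assumption: re.IGNORECASE mirrors the default case-insensitive matching
    of a Postfix regexp table; the header is already one logical line.
    """
    m = re.search(rule, header, re.IGNORECASE)
    if m is None:
        return None
    return "Sorry, we do not accept .%s file types." % m.group(3)


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    'Content-Type: application/octet-stream; name="document.pif"',
    'Content-Disposition: attachment; filename="SETUP.EXE"',
    'Content-Type: application/octet-stream; name="a.scr"; x-unix-mode=0644',
    'Content-Disposition: attachment; filename="report.pdf"',
    # Harmless PDF, but ".exe" appears inside ".exercise":
    'Content-Disposition: attachment; filename="report.exercise.pdf"',
]


def run():
    """Evaluate every sample against both rules."""
    return [(h, check(THREAD_RULE, h), check(ANCHORED_RULE, h))
            for h in SAMPLES]


if __name__ == "__main__":
    for header, loose, anchored in run():
        print(header)
        print("  thread rule  :", loose or "accepted")
        print("  anchored rule:", anchored or "accepted")
```

Before relying on any variant in production, test it against the real table with postmap -q, since POSIX and Python regex engines can differ on other patterns.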
