Bob McElrath said: > Jacob Anawalt [EMAIL PROTECTED] wrote: >> I guess that's as effective for reducing the bulk of your inbox as >> sending >> "550 executables not accepted", especially if you don't have control >> over >> the mail server and you match this virus with 100% accuracy. >> >> Either way, /dev/null or 550 after DATA crlf.crlf you've recieved the >> whole message. > > "550 executables not accepted" would obviously be a superior solution. > How do you do it? My google searches and list archive searches turned > up nothing... >
I use postfix v1.x, so I implement the body_checks regexp method, matching the MS executable MIME 'fingerprint' mentioned here: http://sbserv.stahl.bau.tu-bs.de/~hildeb/postfix/postfix_sobigf.shtml It's been a while since I used Sendmail and even when I used I didn't understand most of the settings, but there's got to be something similar. Someday viruses will zip themselves and this check will fail. Then I'll need to unzip and scan before giving the 250 OK after DATA or reject all zip attachments as well :( . Too bad there isn't some big public server to upload stuff to and the only thing you send in an email is a url that expires. One copy sits on one server, only a url sits in the server's mailbox. OpenPGP sign or encrypt your data and it's safe. I could do this myself and I don't always do it because emailing an attachment is so easy on both ends. I've had a hard time getting the person on the other end to go to a web page (AOL user...) If all email clients used this for <attach>... :) P.S. I notice you use [EMAIL PROTECTED] Is this email address only for list traffic? I'm toying w/ the idea of doing that and only accepting email to that address that comes from the list. Topic: Anti-Spam ideas for usenet/list harvested email addresses. -- Jacob Trying out SquirrelMail -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]