Re: SWEN isn't slowing down

Wed, 08 Oct 2003 06:17:23 -0700 

On Tue, Oct 07, 2003 at 08:31:53AM -0700, A P wrote:

| I have added practically every major country suffix in my
| /etc/mail/access file

Why?

| and I am discovering new ones every day!

Naturally.  Search on google to find the listing of ISO country codes.
You can add all of them at once and never discover another new one.
(well, at least not until a new country is created or develops enough
technology to be added to the ISO list)

| Man, I am so close to blocking "net" and "com".

Again, why?

| Well, in that case I might just as well shutdown my email server.

If you are going to universally block everyone anyways then you're
right, you 

| Although I must say that it's kind of satisfying to see "reject=553"
| messages in syslog.

Rather than universally blocking various TLDs, why not just block the
content that you dislike?  It's really very effective.  (Oh, btw, 80
copies of swen per day isn't a whole lot.  I receive between 150 and
300 and some sites get 10 times that)

Here's a sample from my /etc/postfix/body_checks (a pcre map) :

    # All .exe files from MSVC have the same starting bytes
    /^TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA*$/

    # Dumb.  Just plain dumb.
    /^Outgoing mail is certified Virus Free\.$/                             IGNORE
    |^Version: .\..\.... / Virus Database: ... - Release Date: .?./../..(?:..)?$|  
IGNORE

    # Just as dumb.
    /Antigen for Exchange found/        DISCARD
    /Sophos Plc MailMonitor for Domino/ DISCARD
    /^-----------+ +Virus Warning Message /                     DISCARD



And this is from header_checks :

    # Dumb. Dumber. and Dumberer.
    /^From: NAV for Microsoft Exchange/     DISCARD
    /^Subject: .*(?:NAV|Norton AntiVirus) detected (?:and quarantined )?a virus/  
DISCARD
    /^Subject: .*ScanMail for Lotus Notes/  DISCARD
    /^Subject: .*Symantec AVF detected a.*virus/    DISCARD
    /^Subject: .*Virus Alert/               DISCARD
    /^Subject: .*A Virus was detected/      DISCARD
    /^Subject: .*VIRUS IN YOUR MAIL/        DISCARD
    /^Subject: .*Virus Detected by Network Associates/  DISCARD


-D

-- 
"Open Source Software - Sometimes you get more than you paid for..."
 
http://dman13.dyndns.org/~dman/

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to