l�r, 01.05.2004 kl. 11.26 skrev Bram Mertens: > I have received several messages containing attachments from this list > with Austin Gonyou's e-mail address as the sender's address. > > I have been trying to write a rule to catch these but have so far been > unsuccesful (I have a pop3 account so I can't reject them). I have > noticed that all faked messages contain a received header containing: > "skeptopotamus.ximian.com" while none of the messages Austin wrote > contain this header. > > I tried a rule that looks for Austin's e-mail address and this specific > header but I must be doing something wrong. Can anybody explain how > this must be specified?
I run my own Postfix 2.1 (version just released) mail server and check for and reject all messages with most Microsoft attachments using PCRE (Perl compatible regexp) regexps. Postfix makes this very easy to do with header, mime header and body checks, but you have to be able to write regexps ;) The last one from the Evo list yesterday, Information.cpl, was caught with a mime header check regexp that looks like: /^(?:Content-Type:\s(?:application\/(octet\-stream;|x\-msdownload;|audio\/x\-wav;)?)? name=".+\.)?(asd|bat|chm|cmd|com|cpl|dll|exe|hlp|hta|js|jse|lnk|ocx|pif|scr|shb|shm|shs|vb|vbe|vbs|vbx|vxd|wsf|wsh|zip)"/ I have 4 different mime header and body regexps that catch all attachments. > Perhaps these kind of checks can be run at the mailing list server? That's the best place for it. --Tonni -- We make out of the quarrel with others rhetoric but out of the quarrel with ourselves, poetry. mail: billy - at - billy.demon.nl http://www.billy.demon.nl _______________________________________________ evolution maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/evolution
