Michael Leone said: > Here's the list of stuff I block - > > /^(Content-Disposition: > >attachment;.*|Content-Type:.*|\s+)(file)?name="?.*(\.|=2E)(lnk|hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|dll)"?$/ > REJECT > > And that covers just about any virus-ladened executable attachment out > there. And the AV scan is for everything else. The virus email yesterday > had a supposed "gc.bat" as an attachment. Also blocked a 2nd one with a > "style.bat" attachment, as well as rejecting one that came thru an open > relay in the ORDB database. And then I run SpamAssassin for all users > (me and a couple friends :-); it tags all suspected spam email, and I > route it to a special folder. There are some false positives, but not > many.
Another thought - as you use the ORDB for open relays, why not use sbl.spamhaus.org as an additional host in the maps_rbl_domains, as it is a realtime list of spammers e-mail addresses and domain names. Just my two penneth! Richard Holland [EMAIL PROTECTED] _______________________________________________ evolution maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/evolution
