At 09:33 AM 9.9.2004 -0400, Theo Van Dinter wrote: >On Wed, Sep 08, 2004 at 10:49:09PM -0700, Loren Wilton wrote: >> However, it has been removed from 3.0. And while I agree with removing >> binary attachments before scanning in SA, I consider that removing the >> mime-part header that contained the type and name is a mistake. There have >> been any number of times I've wanted to use that info for spam signs, and it >> just isn't there. > >There's a few things here. > >First, the body-mime headers aren't typically visible to the user via MUA, >so they're not included in the data that the standard rules run against. > >Second, viruses and worms aren't spam, and body-mime headers have not >historically provided enough useful anti-spam information to have a >special ruletype to look at them. > >Third, it's trivial to write a plugin to go through them if you really need >them for something. Something ala: >
FWIW, I catch 99% of the offending attachments (and spam) right at the "front door" or at the MTA using milter-regex (for Sendmail) and Milter-Greylist. I prefer not to have the bad stuff on my server if at all possible, and want to avoid using those heavier resources for snagging, and thus (except for the 1%) they never reach to SA or Procmail. Vsnagger plug-in for Procmail (by Dallman Ross) catches the remaining 1%. Thus, now instead of having to catch 90+% of spam with spamassassin, it is only used for the 1%. It has really relieved the use of resources. So, if you use Sendmail, "milters" are my first choice -- regex-milter, greylist-milter, spamass-milter (with a threshold for blocking), then spamd kicks in at a low threshold and, finally, Procmail with custom recipes. I love all of these tools, including SA, but one or two just won't do it all. If anyone with Sendmail is interested in using milters: http://www.benzedrine.cx/milter-regex.html http://hcpnet.free.fr/milter-greylist/ http://www.milter.org/ HTH Best regards, Jack L. Stone, Administrator Sage American http://www.sage-american.com [EMAIL PROTECTED]
