Jacob Anawalt [EMAIL PROTECTED] wrote:
> 
> Bob McElrath said:
> > Jacob Anawalt [EMAIL PROTECTED] wrote:
> >> I guess that's as effective for reducing the bulk of your inbox as
> >> sending "550 executables not accepted", especially if you don't have
> >> control over the mail server and you match this virus with 100% accuracy.
> >>
> >> Either way, /dev/null or 550 after DATA crlf.crlf you've received the
> >> whole message.
> >
> > "550 executables not accepted" would obviously be a superior solution.
> > How do you do it?  My google searches and list archive searches turned
> > up nothing...
> >
> 
> I use postfix v1.x, so I implement the body_checks regexp method, matching
> the MS executable MIME 'fingerprint' mentioned here:
> 
> http://sbserv.stahl.bau.tu-bs.de/~hildeb/postfix/postfix_sobigf.shtml
> 
> It's been a while since I used Sendmail and even when I used it I didn't
> understand most of the settings, but there's got to be something similar.

Darn, I was hoping (aren't we all) for a way to reject it before the
whole thing is sent.  You know...it wouldn't be hard to scan the input
for the EXE header and close the connection as soon as it's seen.  Then
you'd only download 1k or so rather than 150k...

> P.S. I notice you use [EMAIL PROTECTED] Is this email address only for list
> traffic? I'm toying w/ the idea of doing that and only accepting email to
> that address that comes from the list. Topic: Anti-Spam ideas for
> usenet/list harvested email addresses.

Yes, I'm receiving 80k copies of Swen because of the debian/usenet
gateway, and one time when I didn't use bob+debian.  :(

The "plus" addresses (anything on the right side of the plus, and the
plus can be a minus too) are RFC compliant and sendmail automatically
ignores the RHS of the +/-.  It's supposed to be "local delivery"
information -- like which mailbox to put it into.  Of course
[EMAIL PROTECTED] is not a valid email and that's what most harvesters
pick up.  Occasionally I see attempts in my logs to deliver to such
addresses.  Be aware though that many web-forms out there are broken and
don't accept the + in an email field.  (For which I usually make an
alias using an underscore)

Only accepting email that comes from the list to the +debian address
wouldn't work because of people (like yourself) that reply to my mails.

Cheers,
Bob McElrath [Univ. of California at Davis, Department of Physics]

    "Knowledge will forever govern ignorance, and a people who mean to
    be their own governors, must arm themselves with the power knowledge
    gives. A popular government without popular information or the means
    of acquiring it, is but a prologue to a farce or a tragedy or
    perhaps both."
        - James Madison

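The early-scan idea from the message above, as an added Python example that is not part of the original thread and is not Postfix or Sendmail code: it reads DATA lines one at a time and stops at the first base64 MIME part whose decoded body starts with the `MZ` executable magic, reporting how many bytes were read before the decision. The names `scan_data_stream` and `build_sample` are hypothetical, the sample message is constructed, and any line beginning with `--` is assumed to be a MIME boundary.

```python
import base64

def scan_data_stream(lines):
    """Return (verdict, bytes_consumed) for an iterable of raw DATA lines."""
    consumed = 0
    in_headers = True       # top-level message headers come first
    is_base64 = False       # current part declared base64 encoding
    want_first_line = False # next non-empty line is the start of a base64 body
    for raw in lines:
        consumed += len(raw)
        line = raw.rstrip(b"\r\n")
        if line.startswith(b"--"):   # simplification: treat as MIME boundary
            in_headers, is_base64, want_first_line = True, False, False
            continue
        if in_headers:
            if line == b"":          # blank line ends the header block
                in_headers, want_first_line = False, is_base64
            elif line.lower().replace(b" ", b"") == b"content-transfer-encoding:base64":
                is_base64 = True
            continue
        if want_first_line and line:
            want_first_line = False
            try:
                head = base64.b64decode(line[:4])  # 4 chars -> first 3 bytes
            except ValueError:
                continue
            if head[:2] == b"MZ":    # DOS/PE executable magic
                return "reject", consumed
    return "accept", consumed

def build_sample(payload):
    """Constructed message: one text part plus one base64 attachment."""
    b64 = base64.encodebytes(payload).splitlines()
    msg = [b"From: a@example.com", b"Subject: test",
           b'Content-Type: multipart/mixed; boundary="XX"', b"",
           b"--XX", b"Content-Type: text/plain", b"", b"hello",
           b"--XX", b"Content-Type: application/octet-stream",
           b"Content-Transfer-Encoding: base64", b""] + b64 + [b"--XX--"]
    return [l + b"\r\n" for l in msg]

if __name__ == "__main__":
    exe = build_sample(b"MZ\x90\x00" + b"\x00" * 150000)  # constructed ~150k "executable"
    print(scan_data_stream(exe), "of", sum(len(l) for l in exe), "bytes")
```

SMTP has no reply slot in the middle of DATA, so acting on the verdict means dropping the connection, which a queueing MTA treats as a temporary failure and retries.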