.zip,.exe attachments and spam assassin

jdow jdow at earthlink.net
Wed Nov 23 07:46:46 UTC 2005


From: "Roger Grosswiler" <roger at gwch.net>

>> On Tue, 2005-11-22 at 13:38 +0100, Roger Grosswiler wrote:
>>> > I've gotten a ton of viruses today - there seems to be a worm loose
>>> > again.
>>> >
>>> > I've come to the realization that I have never ever received a zip
>>> > attachment from someone not in my address book that I actually wanted,
>>> > so I would like to set a spam assassin rule to mark mail with a .zip
>>> > or .exe with a high spam score (my address book is white listed)
>>> >
>>> > Anyone know how to do this off hand?
>>> >
>>> > Another possibility would be a procmail rule - I use procmail to
>>> > filter my mail - but since spamassassin already knows about my
>>> > whitelist, I'd rather do it in spamassassin.
>>> >
> 
>>> I did this in postfix:
>>>
>>> I added in /etc/postfix/ a file called mime_headers_check with this
>>> content:
>>
>> That wouldn't really work for me for two reasons -
>>
>> 1) I don't want to reject them, the fm header is usually forged - so
>> rejecting just sends them to someone else who more than likely did not
>> send it to me.
>>
>> 2) My postfix is only allowed to talk on my lan - I use fetchmail to pop
>> my accounts (which processes them with spamassassin), procmail to filter
>> them into my mailboxes (which is then served via imap to my clients).
>> postfix is used for some stuff, but only on the lan - it can't send to
>> outside world. To get to outside world, I use my mail account provider's
>> smtp server.
>>
>> I'm sure there is a spamassassin way to give a high score based upon
>> attachment extensions - I'll see if I can find it.

> 2 things:
> 1)
> In my opinion, procmail listens to mta such as sendmail or postfix. Using
> fetchmail in my opinion delivers to mtas like the same. So, an incoming
> e-mail should also pass by your postfix-server? Or am I wrong here?

This is not necessarily true, Roger. I have my .procmailrc and
.fetchmailrc templates configured to deliver directly to the
/mail/<user> mbox file without passing through any sendmail at
all. I can leave the smtp facility turned off completely and still
receive incoming mail.

{^_^}
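
The thread asks for a way to mark, rather than reject, mail carrying .zip or .exe attachments in a fetchmail/procmail setup with no MTA in the delivery path. As an added example (not code from this post or from any poster), here is a Python stdin-to-stdout filter that tags such mail with a header; the header name `X-Risky-Attachment` and the `sample()` helper with its constructed messages are assumptions.

```python
import sys
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY = (".zip", ".exe")          # extensions named in the thread
FLAG = b"X-Risky-Attachment: "    # hypothetical header name (assumption)

def risky_extensions(raw: bytes) -> list[str]:
    """Return the sorted risky extensions found among MIME part filenames."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = set()
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename=, then
        # falls back to the Content-Type name= parameter.
        name = part.get_filename()
        if not name:
            continue
        # Trailing dots/spaces are dropped by Windows on save, so
        # "setup.exe." still lands on disk as an executable.
        name = name.lower().rstrip(". ")
        hits.update(ext for ext in RISKY if name.endswith(ext))
    return sorted(hits)

def tag(raw: bytes) -> bytes:
    """Prepend the flag header; the original bytes are never re-serialised."""
    exts = risky_extensions(raw)
    if not exts:
        return raw
    # Only our own constants go into the header, never the sender-controlled
    # filename, so a crafted name cannot inject header lines.
    header = FLAG + ",".join(exts).encode() + b"\n"
    if raw.startswith(b"From "):  # keep an mbox envelope line first
        first, sep, rest = raw.partition(b"\n")
        return first + sep + header + rest
    return header + raw

def sample(filename: str) -> bytes:
    """Constructed test message with one attachment (not real mail)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.net"
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(b"PK\x03\x04", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    sys.stdout.buffer.write(tag(sys.stdin.buffer.read()))
```

Because the message is tagged and still delivered, nothing is bounced to a forged sender; a later procmail recipe or a SpamAssassin header rule can then act on the added header.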



