
Re: Virus emails



Hi,

Is there something similar for exim (woody version)? I don't care too
much about the incoming bandwidth, but more about the resources that the
spam and virus checks consume, especially during these spam virus waves.
So I could add a (hopefully) cheap check at MTA level to reject these
mails until the wave is over.

Joachim

On Tue, 2003-09-23 at 04:29, Graham Wilson wrote:
> On Mon, Sep 22, 2003 at 04:53:16PM +0200, Matthias Urlichs wrote:
> > Hi, Mike Hommey wrote:
> > > helps catching 95%... But the bandwidth is still used... I'm still
> > > looking for a pure MTA solution...
> > 
> > A pure MTA solution would still need to scan the body and thus would still
> > eat your bandwidth.
> 
> i have postfix's body_checks set up to reject lines that match the
> following regular expression (this is the first line of the base64
> encoded virus):
> 
> /^TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA$/
> 
> i'm not sure when postfix closes the connection, whether it's after
> receiving a matching line, or after the client is done sending data. if
> the former though, this would be a good "pure" mta solution that doesn't
> conserve too much bandwidth.
> 
> as to effectiveness, i've blocked 664 messages since saturday afternoon.
> i still get some swen messages through, but they have had the virus
> stripped already, so the message is considerably smaller.
-- 
Joachim "nomeata" Breitner
  e-Mail: mail@joachim-breitner.de | Homepage: http://www.joachim-breitner.de
  JID: joachimbreitner@amessage.de | GPG-Keyid: 4743206C | ICQ#: 74513189
  Geekcode: GCS/IT/S d-- s++:- a--- C++ UL+++ P+++ !E W+++ N-- !W O? M?>+ V?
            PS++ PE PGP++ t? 5? X- R+ tv- b++ DI+ D+ G e+>* h! z?
Please do not send me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.de.html

Attachment: signature.asc
Description: This is a digitally signed message part
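
The per-line body check discussed in the quoted message, as an added example that is not part of the original thread: it derives the first base64 line of an attachment that begins with a DOS `MZ` header and scans a constructed MIME body line by line to show where the match occurs. The header field values, the sample bodies and all function names are assumptions of this example.

```python
import base64
import re
import struct

# Constructed sample: first 14 little-endian 16-bit fields of a DOS "MZ" header,
# with values commonly written by Windows linkers (assumption of this example).
DOS_HEADER_FIELDS = (0x5A4D, 0x0090, 0x0003, 0x0000, 0x0004, 0x0000, 0xFFFF,
                     0x0000, 0x00B8, 0x0000, 0x0000, 0x0000, 0x0040, 0x0000)
LINE_BYTES = 57  # 57 raw bytes encode to one 76-character base64 line

def mz_header():
    """Header fields zero-padded to the bytes that fill one base64 line."""
    return struct.pack("<14H", *DOS_HEADER_FIELDS).ljust(LINE_BYTES, b"\x00")

def signature_line():
    """First base64 line of any attachment that starts with mz_header()."""
    return base64.b64encode(mz_header()).decode("ascii")

def build_signature():
    """Anchored regex equivalent to a whole-line body check on that line."""
    return re.compile("^" + re.escape(signature_line()) + "$")

def sample_body(attachment):
    """Constructed two-part MIME body; the attachment is wrapped at 76 columns."""
    encoded = base64.encodebytes(attachment).decode("ascii").splitlines()
    return ["--b0", "Content-Type: text/plain", "", "constructed sample text",
            "--b0", "Content-Type: application/octet-stream",
            "Content-Transfer-Encoding: base64", "", *encoded, "--b0--"]

def scan_body(lines, pattern):
    """Test each line as it arrives; return (line_number, bytes_seen) or None."""
    seen = 0
    for number, line in enumerate(lines, 1):
        seen += len(line) + 2  # each SMTP line ends in CRLF
        if pattern.match(line):
            return number, seen
    return None

if __name__ == "__main__":
    sig = build_signature()
    flagged = sample_body(mz_header() + bytes(range(256)) * 8)  # filler, not a program
    clean = sample_body(b"plain text attachment, constructed\n" * 40)
    print(signature_line()[:36], scan_body(flagged, sig), scan_body(clean, sig))
```

The second value returned is how much of the body had arrived when the line matched; whether the remainder is still transferred depends on when the MTA acts on the match, which the thread leaves open.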

