[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Virus emails


Graham Wilson wrote:
> On Mon, Sep 22, 2003 at 04:53:16PM +0200, Matthias Urlichs wrote:
> > A pure MTA solution would still need to scan the body and thus would
> > still eat your bandwidth.
> i have postfix's body_checks setup to reject lines that match the
> following regular expression (this is the first line of the base64
> encoded virus):
> i'm not sure when postfix closes the connection, 

It nees to receive all the data. Otherwise the sender will treat the closed 
connection as a temporary failure and try again a few minutes later.

An aggressive solution would remember the IP address and reject the next email 
from that destination, but I don't think postfix does that.

Matthias Urlichs    |    {M:U} IT Design @ m-u-it.de     |    smurf@debian.org
Disclaimer: The quote was selected randomly. Really. | http://smurf.debian.net
 - -
Kramer's Law:
	You can never tell which way the train went by looking at the tracks.

Reply to: