Re: Virus emails
Hi,
Graham Wilson wrote:
> On Mon, Sep 22, 2003 at 04:53:16PM +0200, Matthias Urlichs wrote:
> > A pure MTA solution would still need to scan the body and thus would
> > still eat your bandwidth.
>
> i have postfix's body_checks setup to reject lines that match the
> following regular expression (this is the first line of the base64
> encoded virus):
>
> /^TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>AAAAA$/
>
> i'm not sure when postfix closes the connection,
It needs to receive all the data. Otherwise the sender will treat the closed
connection as a temporary failure and try again a few minutes later.
An aggressive solution would remember the IP address and reject the next email
from that destination, but I don't think postfix does that.
--
Matthias Urlichs | {M:U} IT Design @ m-u-it.de | smurf@debian.org
Disclaimer: The quote was selected randomly. Really. | http://smurf.debian.net
- -
Kramer's Law:
You can never tell which way the train went by looking at the tracks.
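The check discussed in this thread, as an added example that is not part of the original messages: instead of matching one fixed base64 line, it decodes the first line of every base64 MIME part and flags any that begins with the `MZ` executable header, which generalizes the regular expression quoted above. Like the body check, it runs on a fully received message; the function names, addresses and the stub attachment are constructed for illustration.

```python
import base64
import email
from email.message import EmailMessage

MZ_MAGIC = b"MZ"  # first two bytes of a DOS/PE executable header


def executable_parts(raw_message):
    """Return (filename, content type) for base64 parts whose data starts with MZ."""
    msg = email.message_from_bytes(raw_message)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        if cte != "base64":
            continue
        # Look only at the first non-empty encoded line, as a line-based body check would.
        lines = [l.strip() for l in part.get_payload().splitlines() if l.strip()]
        if not lines:
            continue
        try:
            head = base64.b64decode(lines[0][:8])  # 8 base64 chars -> 6 bytes
        except ValueError:
            continue  # malformed base64, nothing to classify
        if head.startswith(MZ_MAGIC):
            hits.append((part.get_filename(), part.get_content_type()))
    return hits


def build_sample(attachment_bytes, filename):
    """Build a constructed test message with one text part and one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"  # constructed address
    msg["To"] = "rcpt@example.org"      # constructed address
    msg["Subject"] = "constructed sample"
    msg.set_content("hello")
    msg.add_attachment(attachment_bytes, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    stub = b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56  # header bytes only, not a program
    print(executable_parts(build_sample(stub, "a.exe")))
```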