How can you stop the virus flooding in cooker?
I would like to just stop all mail with some selected set of attachments like .pif and .exe - how is this doable, and is it
standard in the MTA?
Would be nice to announce 9.2 with the ability to just ignore virus like
this.
this is easy to do: (i assume you have postfix 2.0 or greater)
create the file /etc/postfix/header_checks containing one of these lines
/^Content-(Type|Disposition):.* (file)?name="?.*\.[A-Za-z0-9]+\.(asd|exe|bat|chm|com|cil|dll|hlp|hta|js|lnk|nws|ocx|pif|reg|scr|sh[bs]|vb|vb[se]|ws[cfh]|msi)"?/ REJECT
/^Content-(Type|Disposition):.* (file)?name="?.*\.(asd|exe|bat|chm|com|cil|dll|hlp|hta|js|lnk|nws|ocx|pif|reg|scr|sh[bs]|vb|vb[se]|ws[cfh]|msi)"?/ REJECT
the first blocks attachs with double extension ala readme.doc.pif the second blocks exexutable attachments
then at the root prompt issue the command postconf -e "header_checks = regexp:/etc/postfix/header_checks"
And the MTA should not snd any messages back when this is done, as the sender most likely is not the real sender.
change the last word to read DISCARD, but in this case noone will know unless you read your logs and advise those poor souls that actually sent you a non-virus banned attachment. If you leave REJECT it might or might not warn the sender depending on the mta that was used for sending the mail.
Could the standard MTA be set up to do something reasonable defaults in 9.2?
i believe the first is reasonable (double attach with discard), the second is not that much reasonable. putting DISCARD is EVIL, and should not be done.
if you really want to do virus filtering install amavisd-new and clamav from contrib. amavisd will actually check for a virus and does not reply to worms.
what should be done for the distro (a bit late for 9.2, but mandrakesoft should think about next release) is adding a decent program (i'd call it mailerdrake) to mcc that is used to configure postfix, amavisd, spamassassin, cyrus (or courier, or dovecot).
regards, L.
-- Luca Berra -- [EMAIL PROTECTED] Communication Media & Services S.r.l. /"\ \ / ASCII RIBBON CAMPAIGN X AGAINST HTML MAIL / \