On Mon, Aug 25, 2003 at 10:13:18PM +0200, Guillaume Rousse wrote: > Ainsi parlait Keld Jørn Simonsen : > > How can you stop the virus flooding in cooker? > > > > I would like to just stop all mail with some selected > > set of attachments like .pif and .exe - how is this doable, and is it > > standard in the MTA? > for postfix, use body_check directive > in /etc/postfix/main.cf > body_checks = regexp:/etc/postfix/body_check > > in /etc/postfix/body_checks > /^TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA$/ > REJECT sobig.f > > > Would be nice to announce 9.2 with the ability to just ignore virus like > > this. > We are talking of a mail server there, aka stuff supposed to be used by > competent people only. I don't see the point of providing them default > configuration that won't match their needs.
Well, people are more or less competent. I have been running MTAs under Unix/linux for more than 20 years, and I have tweeked sendmail rules and hacked sendmail a number of times, but I did not know how to tweek postfix to handle sobit.f in a proper way. Better put our collective wisdom down into our defaults. Anyway, I would like also to know how to handle things like sobit.f and all of the associated error mail in a reasonable way for POP/IMAP clients. > > And the MTA should not snd any messages back when this is done, as the > > sender most likely is not the real sender. > the REJECT directive here just send the mail back to the real sender during > the STMP transaction, which is the virus here. Sounds sensible enough. Best regards Keld