Hi, Is there something similar for exim (woody version)? I don't care too much about the incoming bandwidth, but more about the resources that the spam and virus checks consume, especially during these spam virus waves. So I could add a (hopefully) cheap check at MTA level to reject these mails until the wave is over.
Joachim Am Di, 2003-09-23 um 04.29 schrieb Graham Wilson: > On Mon, Sep 22, 2003 at 04:53:16PM +0200, Matthias Urlichs wrote: > > Hi, Mike Hommey wrote: > > > helps catching 95%... But the bandwidth is still used... I'm still > > > looking for a pure MTA solution... > > > > A pure MTA solution would still need to scan the body and thus would still > > eat your bandwidth. > > i have postfix's body_checks setup to reject lines that match the > following regular expression (this is the first line of the base64 > encoded virus): > > /^TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA$/ > > i'm not sure when postfix closes the connection, whether its after > recieving a matching line, or after the client is done sending data. if > the former though, this would be a good "pure" mta solution that doesn't > conserve too much bandwidth. > > as to effectiveness, i've blocked 664 messages since saturday afternoon. > i still get some swen messages through, but they have had the virus > stripped already, so the message is considerably smaller. -- Joachim "nomeata" Breitner e-Mail: [EMAIL PROTECTED] | Homepage: http://www.joachim-breitner.de JID: [EMAIL PROTECTED] | GPG-Keyid: 4743206C | ICQ#: 74513189 Geekcode: GCS/IT/S d-- s++:- a--- C++ UL+++ P+++ !E W+++ N-- !W O? M?>+ V? PS++ PE PGP++ t? 5? X- R+ tv- b++ DI+ D+ G e+>* h! z? Bitte senden Sie mir keine Word- oder PowerPoint-Anhänge. Siehe http://www.fsf.org/philosophy/no-word-attachments.de.html
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil