RE: Blocking .exe in zips (was Re: Lots of Polish spam)
That's what I did. I went with Zendto also as David Jones recommended. It works great, and solves both the restricted file issue as well as an email size problem. It's not unusual for users to attach half a dozen photos to a message these days and never realize they're 8-10 MB each... ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 > -Original Message- > From: Yves Goergen [mailto:nospam.l...@unclassified.de] > Sent: Wednesday, February 25, 2015 1:28 PM > To: Dave Warren; users@spamassassin.apache.org > Subject: Re: Blocking .exe in zips (was Re: Lots of Polish spam) > > Am 25.02.2015 um 23:04 schrieb Dave Warren: > > On 2015-02-25 12:18, David F. Skoll wrote: > >> So far, no major complaints. The few who really need to send such > >> files rename them to .ex_ before zipping them up. We have a fairly > >> large userbase (more than 140,000) so I think we would have heard > >> lots of complaints by now if people really couldn't live with the > policy. > > > > Seconded. I run a small hosting company with email for hundreds of > > clients, I've had a grand total of 0 complaints about blocking EXE, > > SCR, COM and similar types. We maybe get one inquiry per year about > > it, but no one has ever had a problem with .ex_ solutions, and they > > generally understand and appreciate the approach. > > > > It scales up to large installations as well, Google blocks executable > > files (even if zipped) too, and they seem to be doing alright in the > > email world: https://support.google.com/mail/answer/6590?hl=en > > That's an interesting point, I wouldn't have thought it could work. I > was thinking about installing a "private" file sharing website for our > users already (ad-free and with authentication only), so that could go > together well with an announcement that executable files would no longer > be allowed in e-mails. > > -- > Yves Goergen > http://unclassified.software
Re: Blocking .exe in zips (was Re: Lots of Polish spam)
Am 25.02.2015 um 23:04 schrieb Dave Warren: On 2015-02-25 12:18, David F. Skoll wrote: So far, no major complaints. The few who really need to send such files rename them to .ex_ before zipping them up. We have a fairly large userbase (more than 140,000) so I think we would have heard lots of complaints by now if people really couldn't live with the policy. Seconded. I run a small hosting company with email for hundreds of clients, I've had a grand total of 0 complaints about blocking EXE, SCR, COM and similar types. We maybe get one inquiry per year about it, but no one has ever had a problem with .ex_ solutions, and they generally understand and appreciate the approach. It scales up to large installations as well, Google blocks executable files (even if zipped) too, and they seem to be doing alright in the email world: https://support.google.com/mail/answer/6590?hl=en That's an interesting point, I wouldn't have thought it could work. I was thinking about installing a "private" file sharing website for our users already (ad-free and with authentication only), so that could go together well with an announcement that executable files would no longer be allowed in e-mails. -- Yves Goergen http://unclassified.software
Re: Blocking .exe in zips (was Re: Lots of Polish spam)
On 2015-02-25 12:18, David F. Skoll wrote: On Tue, 24 Feb 2015 23:06:02 +0100 Yves Goergen wrote: If the mail server now blocks all .exe in .zip without actually scanning the contents, they're going to complain. <...> So far, no major complaints. The few who really need to send such files rename them to .ex_ before zipping them up. We have a fairly large userbase (more than 140,000) so I think we would have heard lots of complaints by now if people really couldn't live with the policy. Seconded. I run a small hosting company with email for hundreds of clients, I've had a grand total of 0 complaints about blocking EXE, SCR, COM and similar types. We maybe get one inquiry per year about it, but no one has ever had a problem with .ex_ solutions, and they generally understand and appreciate the approach. It scales up to large installations as well, Google blocks executable files (even if zipped) too, and they seem to be doing alright in the email world: https://support.google.com/mail/answer/6590?hl=en -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren
Blocking .exe in zips (was Re: Lots of Polish spam)
On Tue, 24 Feb 2015 23:06:02 +0100 Yves Goergen wrote: > If the mail server now blocks all .exe in .zip without > actually scanning the contents, they're going to complain. At some point, you need to be firm and take care of your users' security. We run a commercial filtering service and we unconditionally block exe (and scr, etc.) files whether directly attached or in an archive. We don't give our customers any say in the matter, though we do of course inform them of the policy up front. So far, no major complaints. The few who really need to send such files rename them to .ex_ before zipping them up. We have a fairly large userbase (more than 140,000) so I think we would have heard lots of complaints by now if people really couldn't live with the policy. Regards, David.