On [Fri, 11.06. 12:03], Liron Newman wrote:
>
> Goesta Smekal wrote:
>
> >I have been doing a similar thing for two months: Every mail reported to be infected gets a
> >second treatment:
> >
> >* look for originating IP (of SMTP envelope, _not_ headers)
> >* resolve its domain
> >* get the MX for that domain
> >* if the IPs are not equal, block the host, since it is an infected, non MX
> >host.
> >
> >This approach works _very_ fine (not a single complaint ever since, opposed to
> >three complaints due to RDNS check, which started the same time) the SMTP load
> >actually is _reduced_ and the "SNDRIP=EIPSPAM" is constantly rising :-) .... and
> >of course the virus/day rate is sinking.
> >
> >Since hosts that send you a virus nowadays are very likely sending you the same
> >stuff again soon, blacklisting (IMHO) is a valid option combined with scanning.
> >
>
> Actually a great idea, because 99.999% of the people who would have a
> legitimate use for sending you SMTP directly (Running a mailserver or
> whatever) are computer-literate enough to avoid getting hit by all that
> virus junk.. So the chances of blocking anyone who's running a
> mailserver at home (Like me, and yes, my ISP allows that) are slim to
> none, and if he's blocked, he deserves it..
>
> Care to share that filter?

Since you asked for it:
http://korda.smekal.at/xmailtools/MailScan/

_but beware_ this is my subversion repository, not an official release, which I intended to post here when I did some streamlining and code beautification. So the docs are a bit outdated and the code may be a bit hard to read ... but it does work (obviously WITHOUT ANY WARRANTY ! IT MAY EAT UP ALL YOUR HARDDISKS WITHOUT NOTICE ! If you plan to use this, YOU ARE ON YOUR OWN !)

your mileage may vary ;-)

Goesta

--
Wiener Hilfswerk - EDV
1072 Wien, Schottenfeldgasse 29
Tel: 512 36 61 DW 407 / Fax 512 36 61 33
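
The second-treatment check from the quoted message (envelope IP, its domain, that domain's MX, compare), as an added example that is not the MailScan code linked above. The DNS tables are constructed sample data and the function names are hypothetical; deriving the domain by walking up the reverse-DNS name, and returning "unresolved" when there is nothing to compare, are assumptions the post does not specify.

```python
"""Added example: non-MX sender check over constructed DNS data."""
import ipaddress

# Constructed sample records (documentation address ranges, not real hosts).
PTR = {"192.0.2.25": "mail.example.org",
       "198.51.100.77": "dsl-77.pool.example.net"}
MX = {"example.org": ["mail.example.org"],
      "example.net": ["mx1.example.net", "mx2.example.net"]}
A = {"mail.example.org": ["192.0.2.25"],
     "mx1.example.net": ["198.51.100.10"],
     "mx2.example.net": ["198.51.100.11"]}


def mx_domain_for(hostname):
    """Walk up the PTR name until a domain with MX records is found.

    Assumption: the post does not say how the domain is derived.
    """
    labels = hostname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):  # never query a bare TLD
        candidate = ".".join(labels[i:])
        if MX.get(candidate):
            return candidate
    return None


def classify_sender(envelope_ip):
    """Return 'mx', 'non-mx' or 'unresolved' for an SMTP peer address."""
    ip = str(ipaddress.ip_address(envelope_ip))  # rejects malformed input
    hostname = PTR.get(ip)
    if hostname is None:
        return "unresolved"  # assumption: no reverse DNS, nothing to compare
    domain = mx_domain_for(hostname)
    if domain is None:
        return "unresolved"  # assumption: domain publishes no MX
    # Resolve every MX host of the domain and compare with the peer address.
    mx_ips = {addr for mx in MX[domain] for addr in A.get(mx, [])}
    return "mx" if ip in mx_ips else "non-mx"


def update_blocklist(infected_ips, blocklist):
    """Second treatment: block only infected peers that are not an MX."""
    for ip in infected_ips:
        if classify_sender(ip) == "non-mx":
            blocklist.add(ip)
    return blocklist
```

In a live filter the three tables would be replaced by real PTR, MX and A lookups, and the input must be the peer address of the SMTP connection, not an address parsed from a Received header.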