Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)
Karsten M. Self
Wed Feb 4 10:00:19 PST 2004
on Wed, Feb 04, 2004 at 05:38:15PM +0100, Ralf Hildebrandt (Ralf.Hildebrandt@charite.de) wrote:
> * Karsten M. Self <firstname.lastname@example.org>:
> > > a) there is more than one RFC-ignorant blacklist
> > Care to enlighten us to those you find useful/useless? I suspect most
> > of us are familiar with rfc-ignorant.org.
> I personally find ALL useful, bit for blocking on the SMTP level I'd
> only use DSN.
Yeah, DSN as an anti-sapm technique is great.
Better: move the process to your firewall and deny packets. See SPEWS
and some recent NANAE discussion on this.
> All others can be used from within SpamAssassin.
...which can be invoked from your MTA.
> > *Most* DNSBLs provide false-positive results, in terms of flagging
> > mail which isn't strictly spam. Hell, you'd expect them to. They
> > don't flag email, they flag IPs, and do so on various criteria.
> But then these lists are not about spam.
Some are, explicitly (SpamCop, Spamhaus, SORBS DNSBL). Some aren't
(SPEWS (spam++), rfc-ignorant, DUL, various CCTLD blacklists). However
all affect IPs, and should be considered a corrolate. Possibly a
behavioral training tool.
Karsten M. Self <email@example.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
The black hat community is drooling over the possibility of a secure
execution environment that would allow applications to run in a
secure area which cannot be attached to via debuggers.
- Jason Spence, on Palladium aka NGCSB aka "Trusted Computing"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20040204/3bf5e5d0/attachment.pgp
More information about the linux-elitists