Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Karsten M. Self
Wed Feb 4 10:00:19 PST 2004

on Wed, Feb 04, 2004 at 05:38:15PM +0100, Ralf Hildebrandt ( wrote:
> * Karsten M. Self <>:
> > > a) there is more than one RFC-ignorant blacklist
> > 
> > Care to enlighten us to those you find useful/useless?  I suspect most
> > of us are familiar with
> I personally find ALL useful, bit for blocking on the SMTP level I'd
> only use DSN.

Yeah, DSN as an anti-sapm technique is great.

Better:  move the process to your firewall and deny packets.  See SPEWS
and some recent NANAE discussion on this.

> All others can be used from within SpamAssassin.

...which can be invoked from your MTA.

> > *Most* DNSBLs provide false-positive results, in terms of flagging
> > mail which isn't strictly spam.  Hell, you'd expect them to.  They
> > don't flag email, they flag IPs, and do so on various criteria.
> But then these lists are not about spam.

Not so.  

Some are, explicitly (SpamCop, Spamhaus, SORBS DNSBL).  Some aren't
(SPEWS (spam++), rfc-ignorant, DUL, various CCTLD blacklists).  However
all affect IPs, and should be considered a corrolate.  Possibly a
behavioral training tool.


Karsten M. Self <>
 What Part of "Gestalt" don't you understand?
    The black hat community is drooling over the possibility of a secure
    execution environment that would allow applications to run in a
    secure area which cannot be attached to via debuggers.
    - Jason Spence, on Palladium aka NGCSB aka "Trusted Computing"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : 

More information about the linux-elitists mailing list