Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Karsten M. Self kmself@ix.netcom.com
Wed Feb 4 10:00:19 PST 2004


on Wed, Feb 04, 2004 at 05:38:15PM +0100, Ralf Hildebrandt (Ralf.Hildebrandt@charite.de) wrote:
> * Karsten M. Self <kmself@ix.netcom.com>:
> 
> > > a) there is more than one RFC-ignorant blacklist
> > 
> > Care to enlighten us to those you find useful/useless?  I suspect most
> > of us are familiar with rfc-ignorant.org.
> 
> I personally find ALL useful, bit for blocking on the SMTP level I'd
> only use DSN.

Yeah, DSN as an anti-sapm technique is great.

Better:  move the process to your firewall and deny packets.  See SPEWS
and some recent NANAE discussion on this.

> All others can be used from within SpamAssassin.

...which can be invoked from your MTA.

> > *Most* DNSBLs provide false-positive results, in terms of flagging
> > mail which isn't strictly spam.  Hell, you'd expect them to.  They
> > don't flag email, they flag IPs, and do so on various criteria.
> 
> But then these lists are not about spam.

Not so.  

Some are, explicitly (SpamCop, Spamhaus, SORBS DNSBL).  Some aren't
(SPEWS (spam++), rfc-ignorant, DUL, various CCTLD blacklists).  However
all affect IPs, and should be considered a corrolate.  Possibly a
behavioral training tool.


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    The black hat community is drooling over the possibility of a secure
    execution environment that would allow applications to run in a
    secure area which cannot be attached to via debuggers.
    - Jason Spence, on Palladium aka NGCSB aka "Trusted Computing"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20040204/3bf5e5d0/attachment.pgp 


More information about the linux-elitists mailing list