Mailing Lists: Apple Mailing Lists


Re: Solved: Blocking .pid (and more) attachments



At 9:03 AM -0400 7/26/04, Dan Young wrote:
> Thanks to Josh's post last night, I was able to come up with a good
> header_checks file that got rid of all those e-mails. (Even though I did
> figure it out, I am going to look into Exim.)

Checking mail headers is problematic. Being inside the envelope, they are all too easy to spoof and manipulate. Better to react on the envelope. Additionally, in order to make these checks you've accepted the connection, which is something you probably want to avoid, as the spammer will now come back again; he knows you're willing to talk to him.

Of course the only way to stop certain file types is to accept the DATA block.

> Here is what I did.
>
> In the main.cf file, activate header_checks by uncommenting the line.
>
> Then I created a new file in /etc/postfix called header_checks.
>
> I used some of the lines listed on
> http://www.geekounet.org/filters/header_checks
>
> Whoever wrote this, they were quite thorough. (If the author of this page is
> part of this list, thanks.) I only needed four lines. Once I copied these
> files, I made some small changes like changing the error message and adding
> some file types to the list.

Creating and managing lists based on message header signatures is a never-ending battle. You'll be constantly tuning this file. Filtering on these is also very naive, as it is so mutable and spoofable. I mean, do you trust the spammer to actually write valid message headers? Do you trust subject lines and the like to fit defined patterns?

Using the spamhaus.org lists will stop much of what this list traps.

Using robust sender callout verification traps much more, if not the remainder of bogus messages. If you can't accept my return email, your address was bogus. Postfix has a very rudimentary sender verification, but it's comparatively weak.
--

-dhan

------------------------------------------------------------------------
Dan Shoop email@hidden
Consulting Internet Architect email@hidden
AIM: iWiring http://www.iwiring.net/
http://www.ustsvs.com/

pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B

iWiring designs and supports Internet systems and networks based on
Mac OS X, unix, and Open Source application technologies and offers
24x7, guaranteed support to registered clients, at affordable rates.
_______________________________________________
macos-x-server mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macos-x-server
Do not post admin requests to the list. They will be ignored.
When responding to messages, please keep your quotes short.
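
Added example, not part of the original message or of either poster's configuration: a Postfix fragment that puts the content-stage attachment check discussed in the quoted post beside the envelope-stage checks the reply recommends (DNS blocklist lookup and sender address verification). The blocklist zone `zen.spamhaus.org`, the extension list and the reject text are assumptions chosen for illustration.

```conf
# ---- /etc/postfix/main.cf (fragment) ------------------------------------

# Content stage: patterns are applied only after the DATA block has been
# received. mime_header_checks defaults to $header_checks, so the same
# table is also applied to the headers of each MIME part, which is where
# attachment file names appear.
header_checks = regexp:/etc/postfix/header_checks

# Envelope stage: these restrictions are evaluated at RCPT TO, before any
# message content is accepted. Order matters; the cheap syntactic checks
# run before the DNS lookup and the verification probe.
smtpd_helo_required = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_rbl_client zen.spamhaus.org,
    reject_unverified_sender

# Reply code used while a sender address fails verification. 450 is a
# temporary failure, so a legitimate sender whose own server was briefly
# unreachable gets retried instead of bounced.
unverified_sender_reject_code = 450

# ---- /etc/postfix/header_checks ------------------------------------------
# One pattern per line: /regexp/ ACTION text. Matching is case-insensitive
# by default. The extension list below is illustrative only.
/^Content-(Type|Disposition):.*name[[:space:]]*=[[:space:]]*"?[^"]*\.(pif|scr|bat|exe)"?/  REJECT Attachment type not accepted
```

Run `postfix check` and `postfix reload` after editing. `reject_unverified_sender` sends probe messages to other sites' mail servers, so consider the load and latency it adds before enabling it for all mail.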

References: 
 >Solved: Blocking .pid (and more) attachments (From: Dan Young <email@hidden>)


