procmail

Re: filtering non-local aliases with procmail

1999-01-08 12:23:20
Not just that, but with the recent notice of the trojan horse virus
floating around in an attachment called picture.exe (see
http://www.computerworld.com/home/news.nsf/all/9901074trojan), I could also
add value to my users by being able to stop this before it ever gets to them.

I was looking through the stuff at spam.abuse.net and ran across a hack to
sendmail called spamcan (http://www.consult.ml.org/~timb/spamcan/) which
allows filtering based upon regular expressions in the headers for an
entire site (server I assume as well).  I haven't looked at it too closely
yet, but at least if it can scan headers, that's a good start.  

It appears to be set for Sendmail v8.  Has anyone used this program?  What
do you think of it?  Do you know if the patch applies to 8.9.1 or 8.9.2?

Jerry


At 08:22 PM 1/7/99 -0800, Professional Software Engineering wrote:
> At 04:57 08-01-99 +0200, era eriksson wrote:
>
> > Generally, by the time your MTA has accepted a spam message, You Have
> > Already Lost. Procmail can be a good complement to MTA filters but
> > they should really be your first and most important line of defense.
>
> Certainly, but if a spammer sends one message addressed to say, 10 users at
> this one domain, ONE copy of the message comes in.  But let's say those 10
> users are all at different services -- you turn around and pump 10 times as
> much data back OUT of your system.  I got two copies of a 3.5MB file
> attachment from some bonehead last month (spammed two addresses with a
> massive powerpoint presentation) - imagine pumping that through a free
> remailer on a thin connection to a dozen or more people...
>
> Yes, you've lost part of the battle if you've already accepted the message,
> but if you can kill it right then before forwarding it along, you are much
> better off.  Same thing goes for removing spam so someone on a dialup
> doesn't have to download it over POP or IMAP (of course, antispam should be
> a published policy).
>
> > There are various Sendmail hacks available; 8.9.1 comes with a lot of
> > the antispam stuff turned on by default. A good place to start
>
> Lots of the antispam stuff has to do with securing sendmail from being
> abused into a relay.  Generic spamcrap will still flow freely through.
>
>
> ---
> Please DO NOT carbon me on list replies.  I'll get my copy from the list.
>
> Sean B. Straw / Professional Software Engineering
> Post Box 2395 / San Rafael, CA  94912-2395



