Matthias Häker schreef:
[attribution repaired] Francesco Peeters:
Of course it'll - unfortunately - only be a matter of
time before the zombie-worms will circumvent this by
retrying on 4xx errors! :-(
the most efektiv way against this
Your 'this' meaning 'retrying on 4xx errors'?
so far i discovered is a very simple way of folowing
the basic instruktions from german BSI Ministerium
1: all email with executable atachment got immediatly erased.
> /DEV/NULL
That is basic. But before that, you should SMTP-reject, because
rejecting garbage is better than discarding garbage. And rejecting early
(based on a virBL) is even better than rejecting after the SMTP-DATA is
in.
2: zip and other archives have to be renamed from the sender
and this information given to the receiver or 1:
I don't mind normal zip-attachments. Software like ClamAV detects
harmful zip-attachments.
--
Grtz, Ruud
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail