Sur 2006-01-25, Mr Duck skribis:
:0
* > 150000
{ SWITCHRC } # go to user's .procmailrc, if existing,
# else deliver to $DEFAULT (?)
I am a bit bothered by the idea that an email can get to the
end user w/o having checks done on it. Granted, most of the
viral/spam email are small(er), but that doesn't mean that
larger ones don't occur. Just two days ago, our virus scanner
caught a 1M file attach which was an email worm.
[ deleted ]
At an absolute minimum, I would suggest running the header
of the large file attach through Dallman's vsnag.
Also, if a big message has not been thoroughly scanned, you might
want to add a "BIG" tag to the message's subject as a way to warn
your users that the message might be malicious. I have a recipe
that does this on my Procmail Quick Start in this section:
<http://www.ii.com/internet/robots/procmail/qs/#nestingBlock>
You can also do other things to speed up the process (like
suggested earlier of reworking your /etc/procmailrc file to
not have so many lines) or perhaps using spamd.
And definitely put in some good SMTP-level filters, e.g.
greylisting.
Hope this helps,
Nancy
(sent via gmane.mail.procmail)
--
Nancy McGough ~ <http://www.ii.com> ~ <http://deflexion.com>
IMAP, pine, procmail, data deflexion, infinity, and more
> > > Please keep the discussion in the group < < <
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail