Ruud H.G. van Tol wrote:
I am a bit bothered by the idea that an email can get to the
end user w/o having checks done on it.
I agree. Many defensive checks and measures can and should be done
before procmail gets the message.
In the case of my systems all virus and other tests are done before procmail
gets it, it's just the content filtering
for spammy things that take place by procmail. The problem is with the number
of rules I have in place (and trust me,
they are nearly all needed) it can take hours for multi-meg messages to get
through. Messages less then 1 meg aren't
too bad, but my users often get/send 5-10+ meg emails (yeah I know, lets not go
down the discussion road on emails that
big :)). They are simple users and confusing them with ftp and the like isn't
an option.
At an absolute minimum, I would suggest running the header
of the large file attach through Dallman's vsnag.
I agree again. AFAIK vsnag doesn't have a 'header-only' mode.
Even if you have a good dirt-rejecter and malware-discarder at the
"gate", put vsnag in your /etc/procmailrc as an extra layer of defense.
I'll have to look at vsnag. Currently I use MailScanner with f-prot and SA,
then procmail.
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail