procmail
[Top] [All Lists]

Re: Bypass large files with filter

2006-01-26 10:20:51


Ruud H.G. van Tol wrote:
  I am a bit bothered by the idea that an email can get to the
end user w/o having checks done on it.


I agree. Many defensive checks and measures can and should be done
before procmail gets the message.

In the case of my systems all virus and other tests are done before procmail 
gets it, it's just the content filtering
for spammy things that take place by procmail.  The problem is with the number 
of rules I have in place (and trust me,
they are nearly all needed) it can take hours for multi-meg messages to get 
through.  Messages less then 1 meg aren't
too bad, but my users often get/send 5-10+ meg emails (yeah I know, lets not go 
down the discussion road on emails that
big :)).  They are simple users and confusing them with ftp and the like isn't 
an option.

  At an absolute minimum, I would suggest running the header
of the large file attach through Dallman's vsnag.


I agree again. AFAIK vsnag doesn't have a 'header-only' mode.

Even if you have a good dirt-rejecter and malware-discarder at the
"gate", put vsnag in your /etc/procmailrc as an extra layer of defense.

I'll have to look at vsnag.  Currently I use MailScanner with f-prot and SA, 
then procmail.


____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>