Re: blocking bagle?

From: Alan (alanufies.org)
Date: Thu Mar 04 2004 - 13:09:13 CST


I have done that, but I'm unsure as to how to move the mail from the
hold queue to my inbox, without hitting the same body check again. I
tried with 'postsuper -r <id>' but it seemed to go too far back in the
queue and was re-caught by the body checks. I'm sure there's a way to
bypass this, but my reading of the postsuper man page didn't show it :(
Sorry for my n00b-ness :)

On Thu, Mar 04, 2004 at 02:02:56PM -0500, John M. Lockard wrote:
> You could modify the rule thusly, to not block "these" messages...
>
> /^UEsDBAoAAQAAA/ HOLD
>
> On Thu, Mar 04, 2004 at 11:00:50AM -0800, Alan wrote:
> > According to the email the bagle uses a non-standard zip format that is
> > slightly different in the first few bytes.
> >
> > This body check seems to work except that it is blocking mail such as
> > this, that contains the string :) I've turned it off so I don't get
> > mail blocked that is on the subject of how to block mail!
> >
> > alan
> >
> > On Thu, Mar 04, 2004 at 01:32:26PM -0500, John M. Lockard wrote:
> > > Won't that just block everything that has a .zip file attached?
> > >
> > > On Thu, Mar 04, 2004 at 10:21:00AM -0800, Alan wrote:
> > > > > If your MTA can block based on patterns in the message body, it should
> > > > > be possible to block this one at the email gateway. I'm using postfix,
> > > > > and it's done like this
> > > > >
> > > > > main.cf:
> > > > > body_checks = regexp:/etc/postfix/body_checks
> > > > >
> > > > > body_checks:
> > > > > /UEsDBAoAAQAAA/ HOLD
> > > >
> > > > Alan
> > >
> > > --
> > > --jlockard - "Gravity is a harsh mistress." - The Tick
> >
> > --
> > Alan <alanufies.org> - http://arcterex.net
> > --------------------------------------------------------------------
> > "There are only 3 real sports: bull-fighting, car racing and mountain
> > climbing. All the others are mere games." -- Hemingway
> >
>
> --
> --jlockard - "A man steals a loaf of bread and never hears the end of it."
> - summary of 'Les Miserables'

--
Alan <alanufies.org> - http://arcterex.net
--------------------------------------------------------------------
"There are only 3 real sports: bull-fighting, car racing and mountain
climbing. All the others are mere games." -- Hemingway
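
An added example, not part of the original thread: it decodes the base64 string used in the body_checks rule into the ZIP local-file-header fields it pins down, then compares the unanchored and `^`-anchored patterns against constructed message bodies. The sample bodies and function names are assumptions made for illustration.

```python
import base64
import re
import struct

PREFIX = "UEsDBAoAAQAAA"  # string from the body_checks rule in the thread

# Postfix regexp tables match case-insensitively by default, and body_checks
# sees the body one line at a time; both are mirrored here.
UNANCHORED = re.compile(r"UEsDBAoAAQAAA", re.IGNORECASE)  # first rule posted
ANCHORED = re.compile(r"^UEsDBAoAAQAAA", re.IGNORECASE)   # revised rule


def decode_zip_prefix(prefix):
    """Decode the base64 prefix into the ZIP header fields it fixes."""
    usable = prefix[: len(prefix) // 4 * 4]   # whole 4-character groups only
    raw = base64.b64decode(usable)            # 12 characters -> 9 bytes
    sig, version, flags = struct.unpack("<4sHH", raw[:8])
    return {"signature": sig, "version_needed": version,
            "encrypted": bool(flags & 0x0001), "raw": raw}


def held_lines(pattern, body):
    """Return the body lines the pattern would match, checked line by line."""
    return [line for line in body.splitlines() if pattern.search(line)]


# Constructed sample bodies (not real mail).
ATTACHMENT_MAIL = "\n".join([
    "See the attached file.",
    "",
    "UEsDBAoAAQAAAHhhZGRlZCBzYW1wbGUgZGF0YQ==",  # base64 attachment line
])
DISCUSSION_MAIL = "\n".join([
    "You could modify the rule thusly:",
    "> /UEsDBAoAAQAAA/ HOLD",
    "/^UEsDBAoAAQAAA/ HOLD",
])

if __name__ == "__main__":
    print(decode_zip_prefix(PREFIX))
    for name, body in (("attachment", ATTACHMENT_MAIL),
                       ("discussion", DISCUSSION_MAIL)):
        print(name, "unanchored:", held_lines(UNANCHORED, body))
        print(name, "anchored:  ", held_lines(ANCHORED, body))
```

The anchored pattern still matches any body line that begins with the bare string, so a message that quotes the string at the start of a line with no `>` or `/` in front of it would be held as well.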