Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Mark Scholten (markstreamservice.nl)
Date: Tue Aug 10 2010 - 18:59:33 CDT
> -----Original Message-----
> From: owner-postfix-userspostfix.org [mailto:owner-postfix-
> userspostfix.org] On Behalf Of Jose Ildefonso Camargo Tolosa
> Sent: Tuesday, August 10, 2010 11:12 PM
> To: postfix users
> Subject: Re: Postfix MX Real-Time Anit-SPAM Firewall
> On Tue, Aug 10, 2010 at 8:33 AM, Noel Jones <njonesmegan.vbhcs.org>
> > On 8/10/2010 2:59 AM, Jacqui Caren-home wrote:
> >> Udo Rader wrote:
> >>> On 08/07/2010 05:40 AM, Dennis Carr wrote:
> >>>> On Fri, 6 Aug 2010, JunkYardMail1Verizon.net wrote:
> >>>>> See Zip Attachment
> >> I assumed this was a infection generated zip file...
> >> I certainly had no intention of looking at it and from the
> >> email profile it would have been bounced by work systems as
> >> "too risky".
> >> Q: Does *anyone* post zip files to this mailing list?
> > Yes, zip files are allowed on this list and are not terribly unusual.
> > But if the entire description is something like "check this out",
> only the
> > most foolish^Wadventurous will actually open them.
> Yes, it is better to describe your zip file, so that people feel more
> comfortable, and off course, to allow people to decide whether or not
> they need to open it (maybe someone is just not interested).
> >> I see no reason why anyone would want to as most sensible
> >> folks tend to upload code and log snippets to an ftp/web site
> >> and provide a link.
> > On this list it's customary to post log snippets and code references
> > so people trying to help don't have to search all over to find needed
> > information. Large attachments -- such as a tcpdump recording -- are
> > frequently zipped; nothing wrong with that.
> > But the original announcement from this thread should have been a
> > description of the project purpose, with a link to more information
> and the
> > code.
> I believe that just a description, and the intention of posting it
> here: want an opinion, want to get it included with postfix, who
> >> So would it be sensible/possible to reject any list posts that
> >> include zip/bin/exe/scr/pif/... attachements?
> > Your server, your rules; reject whatever you want. Postfix
> > will be text-only, so you are unlikely to miss anything terribly
> > But zip files are not always evil.
> I personally doesn't reject any type of file, but *do* run anti-virus,
> and any infected files are removed, but that's me, there are sites
> that want everything filtered! (no exe, no zip, no rar, no tar, no
> pif, no com (who use .com files today?)), but there is a time when
> they receive a virus in the format of, say, a text string that
> exploits a bug on the video driver! (I think this actually happened in
> the past), so, all of that filtering for nothing.
I personally believe in some filtering (double extensions/.exe files). Why?
Double extensions are often a sign of a virus (at least if you have a decent
sender). It is easy to put an .exe file in a .zip file or something else
(and lots of people just click on an attachment without reading the file
name/extension). The only thing difficult about is not to block too much,
but just enough.
> I find it foolish to start filtering everything, just because a small
> rate of that kind of file *may* be evil: it is like if you don't allow
> people go to your office with laptops, because they can hook-up to
> your network and steal information from your intranet (if you want to
> prevent this, authenticate network ports with 802.1x or something like
> that, don't use wifi, and off course, secure your intranet's
> Sorry if part of this gets off-topic, but this kind of discussion is
> always interesting.
> >> Jacqui
> > -- Noel Jones