Hey all,
This is regarding the Sobig worm and the spurious bounces it also produces.
This trick uses procmail to filter mail based on attachment names.
I saw this on slashdot, tried it out, and anything with a suspicious
atachment gets sent to the bitbucket.
My .procmailrc file:
:0fw spamassassin.lock
* < 256000
| /usr/bin/spamc
:0 B
* ^ *Content-Disposition: attachment;
* filename=".*\.(pif|exe|scr)"
/dev/null
The first block is for spamassassin (What? You don't run this? You
oughtta...)
The second block scans all incoming email and helpfully delivers anyhting
with a .pif, .exe, or .scr attachment to /dev/null.
I was talking to folks in #spamassassin on freeload (irc.freenode.net) and
there were a few reservations. However, I tested it myself, and it seems to
work. The issue they had was that any email that had the string "pif", etc.
in it would be deleted; in other words, email lists discussing these
attachments would fail to be delivered. My response was that if I wanted
traffic about this junk, I would route my mail alternately. However, I sent
test mesages and nothing containing these strings was blocked.
-- Joey Kelly < Minister of the Gospel | Computer Networking Consultant > http://joeykelly.net "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote." ___________________ Nolug mailing list nolug@nolug.orgReceived on 08/21/03
This archive was generated by hypermail 2.2.0 : 12/19/08 EST