[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Fedora Core 2 wishlists

From: Chuck Mead <csm redhat com>
To: fedora-devel-list redhat com
Subject: Re: Fedora Core 2 wishlists
Date: Wed, 10 Dec 2003 14:14:28 -0500

Chris Adams wrote:

Once upon a time, Chuck Mead <csm redhat com> said:

Content based checks *ARE* done with postfix at the SMTP port and that was my point... using postfix I can certainly block via host, email address, network ip or range the same as I can with sendmail but I can also block content at the SMTP port using mime_checks, header_checks, or body_checks using regexp or pcre. I have a suspicion that the fact you are unaware of that capability is *why* you prefer sendmail. :-)

Okay, I guess I don't know what you mean by "at the SMTP port".

inbound mail ----- > regexp/pcre at port 25 [pre-receipt match will bounce]

It is about that simple.

URL http://moongroup.com/outbound.config shows a postfix config which does this.

Expression matches could look like this:

/etc/postfix/header_checks:

/^Subject: .*Viagra/ REJECT

Reference: http://www.postfix.org/uce.html#header_checks

/etc/postfix/body_checks:

/This Is A One[-\ ]*Time (email|e-mail|mailing|offer)/ REJECT

Reference: http://www.postfix.org/uce.html#body_checks

/etc/postfix/mime_header_checks:

/name=[^>]*your_details.zip/ REJECT SecuritySage mail filters have determined that your email appears to be infected with the Sobig virus. Please see http://securityresponse.symantec.com/avcenter/venc/data/w32 sobig e mm html for information about the virus.

Reference: mime checks are actually an extension of existing checks executed via config... not an added capability.

So a match on one of these expressions would reject the mail and delivery is never attempted, nor is the mail accepted on the host.

body_checks rejection sample:

Sep 28 21:03:30 varmint postfix/cleanup[12671]: 30FA2DA60D: reject: body ver-co.com/rm/remove.php"><font color=3D"#0000FF" size=3D"1" face=3D"Arial"= from unknown[200.180.154.68]; from=<frankie gorgeousgeorge biz> to=<xxxxx moongroup com> proto=ESMTP helo=<mail.focuspro.com.br>

mime or header_checks rejection sample:

Sep 29 13:18:44 varmint postfix/cleanup[30994]: 63C23DA60C: reject: header Content-Type: application/octet-stream;??name=SRC.scr from smtp3.arnet.com.ar[200.45.191.14]; from=<iactucuman arnet com ar> to=<xxxxxx xfce org> proto=SMTP helo=<smtp3.arnet.com.ar>: Potentially dangerous file attachment

header_checks rejection samples:

Dec 4 16:43:26 varmint postfix/cleanup[24627]: 9A09DDA4BF: reject: header Subject: bsi The lowest priced Sildenafil Citrate (Viagra) for xxxxx xfce org ore from ACB9EB9B.ipt.aol.com[172.185.235.155]; from=<ndsuree iname com> to=<xxxxx xfce org> proto=ESMTP helo=<ACB9EB9B.ipt.aol.com>

Sep 29 04:50:50 varmint postfix/cleanup[21880]: EB9F9DA4BF: reject: header Subject: Merchant Accounts Increase Sales fxje vghnnt c from unknown[203.131.110.14]; from=<Pmcxa4eR05Q3 esuperhotwebdeals com> to=<xxxxx moongroup com> proto=SMTP helo=<adsl-131.110.14.info.com.ph>


--
Chuck Mead <csm redhat com>
Instructor II, GLS
Disclaimer: "It's Thursday and my name is Locutus of B0rk!"
Addendum: "Bwahahaha! Fire up the orbital mind-control lasers!"

Follow-Ups:
- Re: Fedora Core 2 wishlists
  - From: Chris Adams
- Re: Fedora Core 2 wishlists
  - From: Jörn Rink

References:
- Fedora Core 2 wishlists
  - From: Michael K. Johnson
- Re: Fedora Core 2 wishlists
  - From: Daniel Roesen
- Re: Fedora Core 2 wishlists
  - From: Chris Adams
- Re: Fedora Core 2 wishlists
  - From: Chris Ricker
- Re: Fedora Core 2 wishlists
  - From: Chris Adams
- Re: Fedora Core 2 wishlists
  - From: Chuck Mead
- Re: Fedora Core 2 wishlists
  - From: Chris Adams
- Re: Fedora Core 2 wishlists
  - From: Chuck Mead
- Re: Fedora Core 2 wishlists
  - From: Chris Adams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]