> If you want to create a good filter solution do the following: > > 1. Automatically create whitelists -- when anyone from behind > your server sends out a message add the e-mail being sent to > to the whitelist. Then you know addresses which can be trusted. >
Don't 'Automatically' do anythign! There will be exploits and people will find them. You need an example? Think Microsoft. If there was no Microsoft there'd be no viruses. And what if a virus is behind the the server? Then you might whitelist Virus and other evil addresses. Example: I could send an email as you from your server/pc to [EMAIL PROTECTED] and then I could send Out millions of emails right under your nose. 'I' being a virus. > 2. Filter all messages through something like spamassasin > which will get rid of most of the spams. Cool > > 3. Filter the text of commonly known viruses -- if it's in > the message body quarantine it. Cool > > 4. Any messages with the To: or CC: or BCC: fields not > containing the users e-mail address should be sent to a > folder on their machine entitled "probable spam". > Newsletters, mailing lists, and similar things will be placed > there, so you should have a way for users to add newsletters > and mailing lists to the White list (i.e. a special white > list which allows you to check if the To: CC: or BCC: > contains the mailing list name). Although all fileds are easily spoofed, then what? What about emails sent to a user where they are in the Envelope-to: header? > > 5. When all is said and done don't delete anything -- have > feedback and look to see what is common in spams which get > through and what is common in good mail that doesn't. > What about the .exe or .pif or .src or .bat etc... file's? Who in the world needs to email those to you? Why not delete (or at least bounce them although then you may get mail loops) those so that they don't infect your system from a different folder? If someone really needs to get you a .exe file or the like you need to setup an ftp site for them to log into and get them or soemthgin like that. Ok I'm done with the OT :) DMuey -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
