> -----Original Message----- > From: owner-postfix-us...@postfix.org [mailto:owner-postfix- > us...@postfix.org] On Behalf Of Jose Ildefonso Camargo Tolosa > Sent: Tuesday, August 10, 2010 11:12 PM > To: postfix users > Subject: Re: Postfix MX Real-Time Anit-SPAM Firewall > > Hi! > > On Tue, Aug 10, 2010 at 8:33 AM, Noel Jones <njo...@megan.vbhcs.org> > wrote: > > On 8/10/2010 2:59 AM, Jacqui Caren-home wrote: > >> > >> Udo Rader wrote: > >>> > >>> On 08/07/2010 05:40 AM, Dennis Carr wrote: > >>>> > >>>> On Fri, 6 Aug 2010, junkyardma...@verizon.net wrote: > >>>> > >>>>> See Zip Attachment > >> > >> I assumed this was a infection generated zip file... > >> I certainly had no intention of looking at it and from the > >> email profile it would have been bounced by work systems as > >> "too risky". > >> > >> Q: Does *anyone* post zip files to this mailing list? > > > > Yes, zip files are allowed on this list and are not terribly unusual. > > > > But if the entire description is something like "check this out", > only the > > most foolish^Wadventurous will actually open them. > > Yes, it is better to describe your zip file, so that people feel more > comfortable, and off course, to allow people to decide whether or not > they need to open it (maybe someone is just not interested). > > > > > > >> > >> I see no reason why anyone would want to as most sensible > >> folks tend to upload code and log snippets to an ftp/web site > >> and provide a link. > > > > On this list it's customary to post log snippets and code references > in-line > > so people trying to help don't have to search all over to find needed > > information. Large attachments -- such as a tcpdump recording -- are > > frequently zipped; nothing wrong with that. > > > > But the original announcement from this thread should have been a > > description of the project purpose, with a link to more information > and the > > code. > > I believe that just a description, and the intention of posting it > here: want an opinion, want to get it included with postfix, who > knows! > > > > > > >> > >> So would it be sensible/possible to reject any list posts that > >> include zip/bin/exe/scr/pif/... attachements? > > > > Your server, your rules; reject whatever you want. Postfix > announcements > > will be text-only, so you are unlikely to miss anything terribly > important. > > But zip files are not always evil. > > I personally doesn't reject any type of file, but *do* run anti-virus, > and any infected files are removed, but that's me, there are sites > that want everything filtered! (no exe, no zip, no rar, no tar, no > pif, no com (who use .com files today?)), but there is a time when > they receive a virus in the format of, say, a text string that > exploits a bug on the video driver! (I think this actually happened in > the past), so, all of that filtering for nothing.
I personally believe in some filtering (double extensions/.exe files). Why? Double extensions are often a sign of a virus (at least if you have a decent sender). It is easy to put an .exe file in a .zip file or something else (and lots of people just click on an attachment without reading the file name/extension). The only thing difficult about is not to block too much, but just enough. > > I find it foolish to start filtering everything, just because a small > rate of that kind of file *may* be evil: it is like if you don't allow > people go to your office with laptops, because they can hook-up to > your network and steal information from your intranet (if you want to > prevent this, authenticate network ports with 802.1x or something like > that, don't use wifi, and off course, secure your intranet's > servers!). > > Sorry if part of this gets off-topic, but this kind of discussion is > always interesting. > > > > >> > >> Jacqui > > > > > > -- Noel Jones > > > > Ildefonso Regards, Mark
