Hi folks,

Most of the spam I receive these days tends to be malware with attached
ZIP files. I run clamav which weeds some of it out, but a large
amount still seems to get through.

I was wondering if greylisting would be a useful thing to try in an
attempt to reduce the amount received?

Problem is, I don't really like greylisting in general, because of the
delays it adds to incoming mail.

However, I'd quite like to experiment with greylisting only messages
with ZIP attachments. Does this sound like a sensible thing to do, and
if so, can anyone recommend any best practices/tools to use to implement
this with postfix?

One downside is that I guess the entire email needs to be received and
parsed before it is temporarily rejected, meaning that in practice
delivering non-spam messages with ZIP files would end up using [at
least] twice the bandwidth. This is a small price to pay though, as in
reality I very rarely receive legitimate mail with ZIP attachments.

Any thoughts?

thanks
Matt.
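
The idea in the message above, sketched as an added example (not part of the original post and not a Postfix feature): the decision logic a content filter or milter could apply once the full message has been received, deferring only mail that carries a ZIP attachment. The function names, the 300-second delay, the in-memory triplet store and the sample message are all assumptions made for illustration.

```python
import email
import time
from email import policy
from email.message import EmailMessage

GREYLIST_DELAY = 300  # assumed: seconds a new triplet must wait before retrying
ZIP_MAGIC = b"PK\x03\x04"  # ZIP local file header signature
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}


def has_zip_attachment(raw: bytes) -> bool:
    """True if any MIME leaf part looks like a ZIP by name, type or magic bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if (name.endswith(".zip") or part.get_content_type() in ZIP_TYPES
                or payload.startswith(ZIP_MAGIC)):
            return True
    return False


def decide(raw, client_ip, sender, rcpt, seen, now=None):
    """Return an SMTP-style verdict; `seen` maps triplet -> first-seen time."""
    now = time.time() if now is None else now
    if not has_zip_attachment(raw):
        return "250 accept"  # mail without ZIPs is never delayed
    triplet = (client_ip, sender.lower(), rcpt.lower())
    first = seen.setdefault(triplet, now)
    if now - first < GREYLIST_DELAY:
        return "451 4.7.1 greylisted, try again later"
    return "250 accept"  # sender retried after the delay


def build_sample(with_zip: bool) -> bytes:
    """Constructed sample message, optionally with a fake ZIP attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "matt@example.net"
    m["Subject"] = "invoice"
    m.set_content("see attached")
    if with_zip:
        m.add_attachment(ZIP_MAGIC + b"\x00" * 26, maintype="application",
                         subtype="octet-stream", filename="invoice.ZIP")
    return m.as_bytes()
```

Because `decide` needs the raw message bytes, the temporary rejection can only happen after the DATA phase, which is the bandwidth cost the post describes.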