On 14 May 2014, at 12:13, Matt Holgate <m...@holgate.org.uk> wrote:

> Most of the spam I receive these days tends to be malware with attached ZIP
> files. I run clamav which weeds some of it out, but a large amount still
> seems to get through.
>
> I was wondering if greylisting would be a useful thing to try in an attempt
> to reduce the amount received?
>
> Problem is, I don't really like greylisting in general, because of the delays
> it adds to incoming mail.
>
> However, I'd quite like to experiment with greylisting only messages with ZIP
> attachments. Does this sound like a sensible thing to do, and if so, can
> anyone recommend any best practices/tools to use to implement this with
> postfix?
>
> One downside is that I guess the entire email needs to be received and parsed
> before it is temporarily rejected, meaning that in practice delivering
> non-spam messages with ZIP files would end up using [at least] twice the
> bandwidth. This is a small price to pay though, as in reality I very rarely
> receive legitimate mail with ZIP attachments.
>
> Any thoughts?

I would suggest blocking them outright, if you rarely have a legitimate use for them, and use alternate means to transfer the few you actually do want?

This can be achieved quite simply, using header checks;

http://www.postfix.org/header_checks.5.html

Kind regards,
Joni
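
One way to set up the header checks suggested in the reply, as an added example that is not part of the original thread. The table path, the pattern and the reject text are assumptions chosen for illustration.

```conf
# /etc/postfix/main.cf
header_checks = regexp:/etc/postfix/header_checks
# mime_header_checks defaults to $header_checks, so the same table is also
# applied to the MIME part headers that carry attachment file names.

# /etc/postfix/header_checks  (assumed path)
# Constructed pattern: refuse any part whose Content-Type or
# Content-Disposition header names a file ending in .zip.
# regexp: tables match case-insensitively by default.
/^Content-(Type|Disposition):.*name[[:space:]]*=.*\.zip([";[:space:]]|$)/
    REJECT ZIP attachments are not accepted here

# Check the table before reloading Postfix (the sample header is constructed):
#   postmap -q 'Content-Disposition: attachment; filename="invoice.zip"' regexp:/etc/postfix/header_checks
```

The match is on the declared file name only, so it complements the ClamAV scan mentioned in the question rather than replacing it.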