Am 14.05.2014 12:13, schrieb Matt Holgate: > Hi folks, > > Most of the spam I receive these days tends to be malware with attached > ZIP files. I run clamav which weeds out some of it out, but a large > amount still seems to get through. > > I was wondering if greylisting would be a useful thing to try in an > attempt to reduce the amount received? > > Problem is, I don't really like greylisting in general, because of the > delays it adds to incoming mail. > > However, I'd quite like to experiment with greylisting only messages > with ZIP attachments. Does this sound like a sensible thing to do, and > if so, can anyone recommend any best practices/tools to use to implement > this with postfix?
perhaps , you need a milter or policy server which combines this > > One downside is that I guess the entire email needs to received and > parsed before it is temporarily rejected, meaning that in practice > delivering non-spam messages with ZIP files would end up using [at > least] twice the bandwidth. This is a small price to pay though, as in > reality I very rarely receive legitimate mail with ZIP attachments. > > Any thoughts? do more analysis to your spam logs, and reduce it with other stuff like i.e postscreen, if you reject mail on incomming smtp level you dont have to deal with its attachements later > > thanks > Matt. > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
