> "... I run clamav which weeds out some of it, but a large amount still seems to get through...."

If you are using amavis with clamav, uncomment these lines in amavis config file(s):

  qr'^MAIL$',   # retain full original message for virus checking (can be slow)
  qr'^Zip archive data',     # don't trust Archive::Zip

Under $banned_filename_re = ... uncomment this line under

  # block certain double extensions anywhere in the base name
  qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

/etc/init.d/amavis restart

Marius.

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Matt Holgate
Sent: Wednesday, May 14, 2014 1:13 PM
To: postfix-users@postfix.org
Subject: Selective greylisting

Hi folks,

Most of the spam I receive these days tends to be malware with attached ZIP files. I run clamav which weeds out some of it, but a large amount still seems to get through.

I was wondering if greylisting would be a useful thing to try in an attempt to reduce the amount received? Problem is, I don't really like greylisting in general, because of the delays it adds to incoming mail. However, I'd quite like to experiment with greylisting only messages with ZIP attachments.

Does this sound like a sensible thing to do, and if so, can anyone recommend any best practices/tools to use to implement this with postfix?

One downside is that I guess the entire email needs to be received and parsed before it is temporarily rejected, meaning that in practice delivering non-spam messages with ZIP files would end up using [at least] twice the bandwidth. This is a small price to pay though, as in reality I very rarely receive legitimate mail with ZIP attachments.

Any thoughts?

thanks
Matt.
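
What the double-extension rule in the reply above matches, shown on a constructed message (an added example, not part of the original thread and not amavis code). It goes beyond the mail by also applying the regex to member names inside a ZIP attachment; the file names and the helpers build_sample and banned_names are made up for illustration.

```python
import io
import re
import zipfile
from email.message import EmailMessage

# Regex copied from the $banned_filename_re line quoted in the reply.
DOUBLE_EXT = re.compile(
    r'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$', re.IGNORECASE)


def build_sample():
    """Constructed test message: one ZIP attachment with two members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w') as zf:
        zf.writestr('Invoice_2014.pdf.EXE', b'not a real program')
        zf.writestr('readme.txt', b'hello')
    msg = EmailMessage()
    msg['Subject'] = 'constructed sample'
    msg.set_content('see attachment')
    msg.add_attachment(buf.getvalue(), maintype='application',
                       subtype='zip', filename='invoice.zip')
    return msg


def banned_names(msg):
    """Return every attachment or ZIP member name the rule would ban."""
    hits = []
    for part in msg.iter_attachments():
        names = [part.get_filename() or '']
        data = part.get_payload(decode=True) or b''
        # Hypothetical extra step: also look at names inside a ZIP.
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names += zf.namelist()
        hits += [n for n in names if DOUBLE_EXT.search(n)]
    return hits


if __name__ == '__main__':
    print(banned_names(build_sample()))
```

A name with a single extension such as setup.exe is not matched by this rule; it only targets names that carry two extensions, with or without a trailing dot.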