On 5/14/2017 7:22 AM, john wrote:
> This may not be a Postfix problem, but bearing in mind the recent
> events this forum may have some good ideas.
> After the recent ransomware attacks we are considering the idea of
> blocking all attachments. I am not sure of the best way of doing
> this, but several ideas have been put forward:

I am a consistent fan of milter logic, especially MIMEDefang to solve
these issues. It allows you the logic of Perl combined with Postfix
where you can use a variety of solutions that fit the issue: regex to
block, database connections for allowed senders, system calls to AV
software, attachment renaming, attachment removal/quarantine, etc.

Though realize that the Windows Defender Bug last week or so was a big
deal because all you had to do is receive the file. The scanner then
scanned the specially crafted file and bam: You were compromised without
even opening the email. So that throws a wrench in some of your scenarios.

Anyway, I suggest if you are interested, take a look at MIMEDefang and
join the MIMEDefang mailing list. The bad_filename would be the first
concept to look at and I'm typically happy to share my tricks open
source. Just inappropes to keep bombarding Postfix list with
non-Postfix stuff though I agree it's on the fringe.

Regards,
KAM
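
The bad_filename idea mentioned in the reply above, sketched as an added example in Python rather than MIMEDefang's Perl (it is not code from the post or from MIMEDefang): walk every MIME part and test each filename it advertises against an extension block list. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy

# Assumed block list for this sketch; tune it to local policy.
BAD_EXT = re.compile(
    r"\.(exe|scr|com|pif|bat|cmd|js|jse|vbs|vbe|wsf|hta|lnk|jar)$", re.I)

def advertised_names(part):
    """Yield each filename a MIME part declares. Content-Disposition
    'filename' and Content-Type 'name' can differ, so check both."""
    for header, key in (("content-disposition", "filename"),
                        ("content-type", "name")):
        hdr = part.get(header)
        value = getattr(hdr, "params", {}).get(key) if hdr is not None else None
        if value:
            yield value

def bad_attachments(raw):
    """Return the normalised names of all parts that match the block list."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():              # includes nested multiparts
        for name in advertised_names(part):
            # Windows drops trailing dots and spaces when saving a file,
            # so "x.exe." must be judged as "x.exe".
            cleaned = name.strip().rstrip(". ")
            if BAD_EXT.search(cleaned):
                hits.append(cleaned)
    return hits

# Constructed sample message: one harmless PDF, one disguised executable.
SAMPLE = b"""\
From: sender@example.com
To: rcpt@example.com
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/pdf; name="report.pdf"
Content-Disposition: attachment; filename="report.pdf"

%PDF-
--b1
Content-Type: application/octet-stream; name="notes.txt"
Content-Disposition: attachment; filename="invoice.pdf.exe."

x
--b1--
"""

if __name__ == "__main__":
    print(bad_attachments(SAMPLE))
```

In a milter, a non-empty result is where the policy decision (reject, quarantine, or strip the part) would be taken.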