> From: "Roger Grosswiler" <roger@xxxxxxxx> > >>> On Tue, 2005-11-22 at 13:38 +0100, Roger Grosswiler wrote: >>>> > I've gotten a ton of viruses today - there seems to be a worm lose >>>> > again. >>>> > >>>> > I've come to the realization that I have never ever received a zip >>>> > attachment from someone not in my address book that I actually >>>> wanted, >>>> > so I would like to set a spam assassin rule to mark mail with a .zip >>>> > or .exe with a high spam score (my address book is white listed) >>>> > >>>> > Anyone know how to do this off hand? >>>> > >>>> > Another possibility would be a procmail rule - I use procmail to >>>> filter >>>> > my mail - but since spamassassin already knows about my whitelist, >>>> I'd >>>> > rather do it in spamassassin. >>>> > >> >>>> i did this in postfix: >>>> >>>> i added in /etc/postfix/ a file called mime_headers_check with this >>>> content: >>> >>> That wouldn't really work for me for two reasons - >>> >>> 1) I don't want to reject them, the fm header is usually forged - so >>> rejecting just sends them to someone else who more than likely did not >>> send it to me. >>> >>> 2) My postfix is only allowed to talk on my lan - I use fetchmail to >>> pop >>> my accounts (which processes them with spamassassin), procmail to >>> filter >>> them into my mailboxes (which is then served via imap to my clients). >>> postfix is used for some stuff, but only on the lan - it can't send to >>> outside world. To get to outside world, I use my mail account providers >>> smtp server. >>> >>> I'm sure there is a spamassassin way to give a high score based upon >>> attachment extensions - I'll see if I can find it. > >> 2 things: >> 1) >> in my opinion, procmail listens to mta such as sendmail or postfix. >> Using >> fetchmail in my opinion delivers to mtas like the same. so, an incoming >> e-mail should also pass by your postfix-server? or am i wrong here? > > This is not necessarily true, Roger. I have my .procmailrc and > .fetchmailrc templates configured to deliver directly to the > /mail/<user> mbox file without passing through any sendmail at > all. I can leave the smtp facility turned off completely and still > > so, i see, i never am out of the learning process...thanks for information :-) Rog
