[vorbis virus spam] Any list ops ever thought... was re: [vorbis] Hey

Nemo Cameron nemo at cheeky.house.cx
Tue Apr 27 05:41:14 PDT 2004 


> On Thursday 15 April 2004 11:05 am, C h a r l e s   T.   H o u g h t b y   I V 
> wrote:
> ->...about maybe stripping all zip, exe, pif, etc  attachments from emails 
> ->coming to vorbis at xiph.org? Granted, Ryan Ashley has a Very Valid Point and I 
> ->agree wholeheartedly about "Any idiot who opens a pif, exe, bat, com, or any 
> ->other executable file deserves what they get." and would actually encourage 
> ->these feeble minded folks to "Please, Open it and Darwinate your dumb self 
> ->right off the net". There are minimum aptitude levels for driving, there 
> ->should be for net use as well (could be too extreme...).

Encourage them to be stupid on a network where YOU ALONE have to suffer
the subsequent abuse of network traffic, mail servers, and so forth. Do
not advocate this policy on the internet where other (assumed to be
innocent) users will suffer. Encouraging idiots to open attachments is
like encouraging drunkards to drive.

With regard to stripping attachments? I'd suggest one step further. Just
reject all emails at the server end if they have an offending attachment.
(this can be done as soon as the mime header can be identified, saving
bandwith)

I do this on my mailserver (running postfix 2) with the following:

>From main.cf:
# need postfix-pcre installed...
mime_header_checks = pcre:/etc/postfix/mime_header_checks

>From mime_header_checks:
# block windows executables PCRE
/^Content-(Disposition|Type).*name\s*=\s*"?(.*\.(
 ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|
 inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|
 ops|pcd|pif|prf|reg|scf|scr\??|sct|shb|shs|shm|swf|
 vb[esx]?|vxd|wsc|wsf|wsh))(\?=)?"?\s*(;|$)/x
  REJECT 552 Attachment name "$2" may not end with ".$3"
      

Note that I run this both personally and professionally (small ISP). In
several years, we've recieved one complaint (more like grudging
acceptance) and many compliments. ie, I consider it a good (read:
excellent) system.

That config does allows .zip through, and a seperate (ie, real) virus
scanner would be needed to inspect those. As a blunt tool however, this
method is effective and simple, and imho, greatly preferably to stripping
the attachments but allowing the mail... It's also not list specific,
but with some extra effort, that shouldn't be too hard to accomplish.

Finally, note that a 552 error is not a bounce, and so will not
nescessarily generate return traffic to bother the net up further. 5xx
errors are (from memory) to be handled by the sending server by any
means they wish.

*clink* *clink*

.../Nemo

-- 
  ------------------------------------------ --------------------------
                                                    earth native
--- >8 ----
List archives:  http://www.xiph.org/archives/
Ogg project homepage: http://www.xiph.org/ogg/
To unsubscribe from this list, send a message to 'vorbis-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.

More information about the Vorbis mailing list