[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Re: Filtering sobig with postfix

To: Bojan Zdrnja <Bojan.Zdrnja@LSS.hr>
Subject: Re: [Full-Disclosure] Re: Filtering sobig with postfix
From: Irwan Hadi <irwanhadi@phxby.com>
Date: Thu, 21 Aug 2003 16:37:26 -0600

On Fri, Aug 22, 2003 at 08:43:45AM +1200, Bojan Zdrnja wrote:
> 
> /filename=.*(your_details|your_document|document_all).pif/ REJECT
> 
> You might want to reject all .pif files, and also:
> 
> /(Virus found|VIRUS ALERT)/ DISCARD
> 
> 
> To discard all those messages originating from improperly configured MTA's,
> which were able to detect Sobig-F, but which still send notification to
> faked from: address.
> 
> After you edit that file just issue:
> 
> # /usr/sbin/postmap /etc/postfix/header_checks
> 

you don't need to postmap the header checks file, because you are using
regexp.
You *only* need to postmap it, if you use hash:, dbm: or btree:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] Re: Filtering sobig with postfix
  - From: "Bojan Zdrnja" <Bojan.Zdrnja@LSS.hr>

References:
- AW: [Full-Disclosure] Re: Filtering sobig with postfix
  - From: vogt@hansenet.com
- RE: [Full-Disclosure] Re: Filtering sobig with postfix
  - From: "Bojan Zdrnja" <Bojan.Zdrnja@LSS.hr>

Prev by Date: RE: [Full-Disclosure] Idea
Next by Date: RE: [Full-Disclosure] Subject prefix changing! READ THIS! SURVEY!!
Prev by thread: RE: [Full-Disclosure] Re: Filtering sobig with postfix
Next by thread: RE: [Full-Disclosure] Re: Filtering sobig with postfix
Index(es):
- Date
- Thread