Re: [sa-list] Re: Spammers Bypassing Whitelists / Rule Suggestion / Performance

["Dan Mahoney, System Admin" <da...@prime.gushi.org>]

On Thu, 16 Sep 2004, Stewart Nelson wrote:

>> Turn this around and make a rule for it. I have one and it works great.
>> FROM_ME_TO_ME.
>> 
>> The description says, "Why the hell would I get email from myself, from
>> outside!"
>
> Well, I often send myself email, usually to store some (important to me
> but not sensitive) information so it can be accessed from other locations
> by IMAP or Webmail.  It's nearly always from 'inside', but occasionally
> my laptop is connected via a customer's or vendor's firewall that blocks
> connection to my SMTP server by SSL or ASMTP, and also blocks the
> non-standard port my Webmail is on, but permits access to a local
> outgoing SMTP relay.  Voilà.
>
>> Viruses, I handle for them, I am sure they don't want them.
>
> I have had trouble with systems blocking .eml and .url attachments.
> Unfortunately, when a user (that doesn't know better) clicks the
> Mail button in IE and selects Send a Link, a message with a
> .url attachment is created.  Likewise, selecting 'Forward as Attachment'
> in Outlook or OE generates a .eml .

I'm not blocking those.  For a while I was using the www.impsec.org 
procmail rules, but I've switched over to an antivirus milter that can run 
against McAfee or with a little modification, ClamAV.

-Dan

--

"You can't call yourself a dork if you don't use UNIX!"

-Dan Mahoney, May 1997

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------