From: Dennis Carr on 6 Aug 2010 23:40 On Fri, 6 Aug 2010, JunkYardMail1(a)Verizon.net wrote: > See Zip Attachment > I see it. What is this? -Dennis
From: Jacqui Caren-home on 10 Aug 2010 03:59 Udo Rader wrote: > On 08/07/2010 05:40 AM, Dennis Carr wrote: >> >> On Fri, 6 Aug 2010, JunkYardMail1(a)Verizon.net wrote: >> >>> See Zip Attachment I assumed this was a infection generated zip file... I certainly had no intention of looking at it and from the email profile it would have been bounced by work systems as "too risky". Q: Does *anyone* post zip files to this mailing list? I see no reason why anyone would want to as most sensible folks tend to upload code and log snippets to an ftp/web site and provide a link. So would it be sensible/possible to reject any list posts that include zip/bin/exe/scr/pif/... attachements? Jacqui
From: Noel Jones on 10 Aug 2010 09:03 On 8/10/2010 2:59 AM, Jacqui Caren-home wrote: > Udo Rader wrote: >> On 08/07/2010 05:40 AM, Dennis Carr wrote: >>> >>> On Fri, 6 Aug 2010, JunkYardMail1(a)Verizon.net wrote: >>> >>>> See Zip Attachment > > I assumed this was a infection generated zip file... > I certainly had no intention of looking at it and from the > email profile it would have been bounced by work systems as > "too risky". > > Q: Does *anyone* post zip files to this mailing list? Yes, zip files are allowed on this list and are not terribly unusual. But if the entire description is something like "check this out", only the most foolish^Wadventurous will actually open them. > > I see no reason why anyone would want to as most sensible > folks tend to upload code and log snippets to an ftp/web site > and provide a link. On this list it's customary to post log snippets and code references in-line so people trying to help don't have to search all over to find needed information. Large attachments -- such as a tcpdump recording -- are frequently zipped; nothing wrong with that. But the original announcement from this thread should have been a description of the project purpose, with a link to more information and the code. > > So would it be sensible/possible to reject any list posts that > include zip/bin/exe/scr/pif/... attachements? Your server, your rules; reject whatever you want. Postfix announcements will be text-only, so you are unlikely to miss anything terribly important. But zip files are not always evil. > > Jacqui -- Noel Jones
From: Jose Ildefonso Camargo Tolosa on 10 Aug 2010 17:12 Hi! On Tue, Aug 10, 2010 at 8:33 AM, Noel Jones <njones(a)megan.vbhcs.org> wrote: > On 8/10/2010 2:59 AM, Jacqui Caren-home wrote: >> >> Udo Rader wrote: >>> >>> On 08/07/2010 05:40 AM, Dennis Carr wrote: >>>> >>>> On Fri, 6 Aug 2010, JunkYardMail1(a)Verizon.net wrote: >>>> >>>>> See Zip Attachment >> >> I assumed this was a infection generated zip file... >> I certainly had no intention of looking at it and from the >> email profile it would have been bounced by work systems as >> "too risky". >> >> Q: Does *anyone* post zip files to this mailing list? > > Yes, zip files are allowed on this list and are not terribly unusual. > > But if the entire description is something like "check this out", only the > most foolish^Wadventurous will actually open them. Yes, it is better to describe your zip file, so that people feel more comfortable, and off course, to allow people to decide whether or not they need to open it (maybe someone is just not interested). > > >> >> I see no reason why anyone would want to as most sensible >> folks tend to upload code and log snippets to an ftp/web site >> and provide a link. > > On this list it's customary to post log snippets and code references in-line > so people trying to help don't have to search all over to find needed > information. Large attachments -- such as a tcpdump recording -- are > frequently zipped; nothing wrong with that. > > But the original announcement from this thread should have been a > description of the project purpose, with a link to more information and the > code. I believe that just a description, and the intention of posting it here: want an opinion, want to get it included with postfix, who knows! > > >> >> So would it be sensible/possible to reject any list posts that >> include zip/bin/exe/scr/pif/... attachements? > > Your server, your rules; reject whatever you want. Postfix announcements > will be text-only, so you are unlikely to miss anything terribly important. > But zip files are not always evil. I personally doesn't reject any type of file, but *do* run anti-virus, and any infected files are removed, but that's me, there are sites that want everything filtered! (no exe, no zip, no rar, no tar, no pif, no com (who use .com files today?)), but there is a time when they receive a virus in the format of, say, a text string that exploits a bug on the video driver! (I think this actually happened in the past), so, all of that filtering for nothing. I find it foolish to start filtering everything, just because a small rate of that kind of file *may* be evil: it is like if you don't allow people go to your office with laptops, because they can hook-up to your network and steal information from your intranet (if you want to prevent this, authenticate network ports with 802.1x or something like that, don't use wifi, and off course, secure your intranet's servers!). Sorry if part of this gets off-topic, but this kind of discussion is always interesting. > >> >> Jacqui > > > -- Noel Jones > Ildefonso
From: "Mark Scholten" on 10 Aug 2010 19:59 > -----Original Message----- > From: owner-postfix-users(a)postfix.org [mailto:owner-postfix- > users(a)postfix.org] On Behalf Of Jose Ildefonso Camargo Tolosa > Sent: Tuesday, August 10, 2010 11:12 PM > To: postfix users > Subject: Re: Postfix MX Real-Time Anit-SPAM Firewall > > Hi! > > On Tue, Aug 10, 2010 at 8:33 AM, Noel Jones <njones(a)megan.vbhcs.org> > wrote: > > On 8/10/2010 2:59 AM, Jacqui Caren-home wrote: > >> > >> Udo Rader wrote: > >>> > >>> On 08/07/2010 05:40 AM, Dennis Carr wrote: > >>>> > >>>> On Fri, 6 Aug 2010, JunkYardMail1(a)Verizon.net wrote: > >>>> > >>>>> See Zip Attachment > >> > >> I assumed this was a infection generated zip file... > >> I certainly had no intention of looking at it and from the > >> email profile it would have been bounced by work systems as > >> "too risky". > >> > >> Q: Does *anyone* post zip files to this mailing list? > > > > Yes, zip files are allowed on this list and are not terribly unusual. > > > > But if the entire description is something like "check this out", > only the > > most foolish^Wadventurous will actually open them. > > Yes, it is better to describe your zip file, so that people feel more > comfortable, and off course, to allow people to decide whether or not > they need to open it (maybe someone is just not interested). > > > > > > >> > >> I see no reason why anyone would want to as most sensible > >> folks tend to upload code and log snippets to an ftp/web site > >> and provide a link. > > > > On this list it's customary to post log snippets and code references > in-line > > so people trying to help don't have to search all over to find needed > > information. Large attachments -- such as a tcpdump recording -- are > > frequently zipped; nothing wrong with that. > > > > But the original announcement from this thread should have been a > > description of the project purpose, with a link to more information > and the > > code. > > I believe that just a description, and the intention of posting it > here: want an opinion, want to get it included with postfix, who > knows! > > > > > > >> > >> So would it be sensible/possible to reject any list posts that > >> include zip/bin/exe/scr/pif/... attachements? > > > > Your server, your rules; reject whatever you want. Postfix > announcements > > will be text-only, so you are unlikely to miss anything terribly > important. > > But zip files are not always evil. > > I personally doesn't reject any type of file, but *do* run anti-virus, > and any infected files are removed, but that's me, there are sites > that want everything filtered! (no exe, no zip, no rar, no tar, no > pif, no com (who use .com files today?)), but there is a time when > they receive a virus in the format of, say, a text string that > exploits a bug on the video driver! (I think this actually happened in > the past), so, all of that filtering for nothing. I personally believe in some filtering (double extensions/.exe files). Why? Double extensions are often a sign of a virus (at least if you have a decent sender). It is easy to put an .exe file in a .zip file or something else (and lots of people just click on an attachment without reading the file name/extension). The only thing difficult about is not to block too much, but just enough. > > I find it foolish to start filtering everything, just because a small > rate of that kind of file *may* be evil: it is like if you don't allow > people go to your office with laptops, because they can hook-up to > your network and steal information from your intranet (if you want to > prevent this, authenticate network ports with 802.1x or something like > that, don't use wifi, and off course, secure your intranet's > servers!). > > Sorry if part of this gets off-topic, but this kind of discussion is > always interesting. > > > > >> > >> Jacqui > > > > > > -- Noel Jones > > > > Ildefonso Regards, Mark
|
Pages: 1 Prev: SPF Not Pass None - patch policyd-spf Next: Postfix on Cloud |