public inbox for gentoo-server@lists.gentoo.org
* [gentoo-server] Mailscanner or amavisd-new
@ 2011-11-28  6:02 Pandu Poluan
  2011-11-28  6:23 ` Matt Thode
                   ` (4 more replies)
  0 siblings, 5 replies; 33+ messages in thread
From: Pandu Poluan @ 2011-11-28  6:02 UTC (permalink / raw
  To: Gentoo-server@lists.gentoo.org

So, here I am preparing to build a mailfiltering gateway, when I run into a
dilemma:

Mailscanner or amavisd-new?

Any thoughts, suggestions, experiences?

Rgds,

* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-28  6:02 [gentoo-server] Mailscanner or amavisd-new Pandu Poluan
@ 2011-11-28  6:23 ` Matt Thode
  2011-11-28  6:40   ` Pandu Poluan
  2011-11-28  9:14 ` Alessandro Ratti
                   ` (3 subsequent siblings)
  4 siblings, 1 reply; 33+ messages in thread
From: Matt Thode @ 2011-11-28  6:23 UTC (permalink / raw
  To: gentoo-server

I just use spam-assassin for spam and if you are talking about filtering into folders then dovecot with sieve is nice

-- Matthew Thode

On Nov 28, 2011, at 12:02 AM, Pandu Poluan wrote:

> So, here I am preparing to build a mailfiltering gateway, when I run into a dilemma:
> 
> Mailscanner or amavisd-new?
> 
> Any thoughts, suggestions, experiences?
> 
> Rgds,


* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-28  6:23 ` Matt Thode
@ 2011-11-28  6:40   ` Pandu Poluan
  0 siblings, 0 replies; 33+ messages in thread
From: Pandu Poluan @ 2011-11-28  6:40 UTC (permalink / raw
  To: gentoo-server

On Nov 28, 2011 1:24 PM, "Matt Thode" <prometheanfire@gentoo.org> wrote:
>
> On Nov 28, 2011, at 12:02 AM, Pandu Poluan wrote:
>
> > So, here I am preparing to build a mailfiltering gateway, when I run into a dilemma:
> >
> > Mailscanner or amavisd-new?
> >
> > Any thoughts, suggestions, experiences?
> >
>
> I just use spam-assassin for spam and if you are talking about filtering into folders then dovecot with sieve is nice

It's going to be a mailfiltering gateway so emails will only pass through.

Rgds,

* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-28  6:02 [gentoo-server] Mailscanner or amavisd-new Pandu Poluan
  2011-11-28  6:23 ` Matt Thode
@ 2011-11-28  9:14 ` Alessandro Ratti
  2011-11-28 10:25 ` Mișu Moldovan
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 33+ messages in thread
From: Alessandro Ratti @ 2011-11-28  9:14 UTC (permalink / raw
  To: gentoo-server


On 28 Nov 2011, at 07:02, Pandu Poluan wrote:

> So, here I am preparing to build a mailfiltering gateway, when I run into a dilemma:
> 
> Mailscanner or amavisd-new?
> 
> Any thoughts, suggestions, experiences?


amavisd-new is the right choice.


* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-28  6:02 [gentoo-server] Mailscanner or amavisd-new Pandu Poluan
  2011-11-28  6:23 ` Matt Thode
  2011-11-28  9:14 ` Alessandro Ratti
@ 2011-11-28 10:25 ` Mișu Moldovan
  2011-11-28 11:09   ` Alessandro Ratti
                     ` (2 more replies)
  2011-11-28 12:26 ` [gentoo-server] " Pandu Poluan
  2011-11-28 15:22 ` [gentoo-server] " Eduardo Schoedler
  4 siblings, 3 replies; 33+ messages in thread
From: Mișu Moldovan @ 2011-11-28 10:25 UTC (permalink / raw
  To: gentoo-server

On Mon, Nov 28, 2011 at 08:02, Pandu Poluan <pandu@poluan.info> wrote:
> So, here I am preparing to build a mailfiltering gateway, when I run into a
> dilemma:
>
> Mailscanner or amavisd-new?
>
> Any thoughts, suggestions, experiences?

MIMEDefang. The above solutions only scan mails AFTER accepting them.

-- 
mișu



* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-28 10:25 ` Mișu Moldovan
@ 2011-11-28 11:09   ` Alessandro Ratti
  2011-11-28 11:15     ` Mișu Moldovan
  2011-11-28 11:28   ` Hannes Erven
  2011-11-28 15:49   ` Pandu Poluan
  2 siblings, 1 reply; 33+ messages in thread
From: Alessandro Ratti @ 2011-11-28 11:09 UTC (permalink / raw
  To: gentoo-server


On 28 Nov 2011, at 11:25, Mișu Moldovan wrote:

> On Mon, Nov 28, 2011 at 08:02, Pandu Poluan <pandu@poluan.info> wrote:
>> So, here I am preparing to build a mailfiltering gateway, when I run into a
>> dilemma:
>> 
>> Mailscanner or amavisd-new?
>> 
>> Any thoughts, suggestions, experiences?
> 
> MIMEDefang. The above solutions only scan mails AFTER accepting them.

uhm...seems that it works only with sendmail. Is there a version also for Postfix?


* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-28 11:09   ` Alessandro Ratti
@ 2011-11-28 11:15     ` Mișu Moldovan
  0 siblings, 0 replies; 33+ messages in thread
From: Mișu Moldovan @ 2011-11-28 11:15 UTC (permalink / raw
  To: gentoo-server

On Mon, Nov 28, 2011 at 13:09, Alessandro Ratti <alex@lord2y.org> wrote:
>
> On 28 Nov 2011, at 11:25, Mișu Moldovan wrote:
>
>> On Mon, Nov 28, 2011 at 08:02, Pandu Poluan <pandu@poluan.info> wrote:
>>> So, here I am preparing to build a mailfiltering gateway, when I run into a
>>> dilemma:
>>>
>>> Mailscanner or amavisd-new?
>>>
>>> Any thoughts, suggestions, experiences?
>>
>> MIMEDefang. The above solutions only scan mails AFTER accepting them.
>
> uhm...seems that it works only with sendmail. Is there a version also for Postfix?

It works with Postfix too... In fact, it works with any MTA that
supports the Milter API. I have used MIMEDefang for years with a
commercial solution.

-- 
mișu



* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-28 10:25 ` Mișu Moldovan
  2011-11-28 11:09   ` Alessandro Ratti
@ 2011-11-28 11:28   ` Hannes Erven
  2011-11-28 11:46     ` Mișu Moldovan
  2011-11-28 15:49   ` Pandu Poluan
  2 siblings, 1 reply; 33+ messages in thread
From: Hannes Erven @ 2011-11-28 11:28 UTC (permalink / raw
  To: gentoo-server

On 2011-11-28 11:25, Mișu Moldovan wrote:
>> Mailscanner or amavisd-new?
> 
> The above solutions only scan mails AFTER accepting them.


This is not true -- I have several amavisd-new setups with postfix that
filter before queuing the message.
Messages identified as Spam, Virus or messages with disallowed
attachments (.exe,.vbs,...) are rejected by the MTA.

See: http://www.postfix.org/SMTPD_PROXY_README.html


-hannes



* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-28 11:28   ` Hannes Erven
@ 2011-11-28 11:46     ` Mișu Moldovan
  2011-11-28 12:04       ` Pandu Poluan
  0 siblings, 1 reply; 33+ messages in thread
From: Mișu Moldovan @ 2011-11-28 11:46 UTC (permalink / raw
  To: gentoo-server

On Mon, Nov 28, 2011 at 13:28, Hannes Erven <h.e@gmx.at> wrote:
> On 2011-11-28 11:25, Mișu Moldovan wrote:
>>> Mailscanner or amavisd-new?
>>
>> The above solutions only scan mails AFTER accepting them.
>
> This is not true -- I have several amavisd-new setups with postfix that
> filter before queuing the message.
> Messages identified as Spam, Virus or messages with disallowed
> attachments (.exe,.vbs,...) are rejected by the MTA.
>
> See: http://www.postfix.org/SMTPD_PROXY_README.html

Thank you for clarifying it, I wasn't aware that amavisd-new can do
that. However, at http://www.amavis.org/#faq-mta I read:

The Postfix Before-Queue Content Filter setup, also known as
smtpd_proxy setup, is not a supported or recommended setup with
amavisd-new, which is not a transparent SMTP proxy by design. See
caveats in README_FILES/SMTPD_PROXY_README

Unfortunately, I couldn't find the referenced README in the sources.
Can you tell us more in this regard?

Thanks,

-- 
mișu



* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-28 11:46     ` Mișu Moldovan
@ 2011-11-28 12:04       ` Pandu Poluan
  2011-11-28 13:44         ` Mișu Moldovan
  0 siblings, 1 reply; 33+ messages in thread
From: Pandu Poluan @ 2011-11-28 12:04 UTC (permalink / raw
  To: gentoo-server

On Nov 28, 2011 6:48 PM, "Mișu Moldovan" <dumol@gnome.org> wrote:
>
> On Mon, Nov 28, 2011 at 13:28, Hannes Erven <h.e@gmx.at> wrote:
> > On 2011-11-28 11:25, Mișu Moldovan wrote:
> >>> Mailscanner or amavisd-new?
> >>
> >> The above solutions only scan mails AFTER accepting them.
> >
> > This is not true -- I have several amavisd-new setups with postfix that
> > filter before queuing the message.
> > Messages identified as Spam, Virus or messages with disallowed
> > attachments (.exe,.vbs,...) are rejected by the MTA.
> >
> > See: http://www.postfix.org/SMTPD_PROXY_README.html
>
> Thank you for clarifying it, I wasn't aware that amavisd-new can do
> that. However, at http://www.amavis.org/#faq-mta I read:
>
> The Postfix Before-Queue Content Filter setup, also known as
> smtpd_proxy setup, is not a supported or recommended setup with
> amavisd-new, which is not a transparent SMTP proxy by design. See
> caveats in README_FILES/SMTPD_PROXY_README
>
> Unfortunately, I couldn't find the referenced README in the sources.
> Can you tell us more in this regard?
>

I think it's Postfix's README:

http://www.postfix.org/SMTPD_PROXY_README.html

That said, the above page explicitly warns about the possibility of server
deadlock. Since this is meant to be the corporate mail gateway, I prefer
the after-queue methods.

Rgds,

* [gentoo-server] Re: Mailscanner or amavisd-new
  2011-11-28  6:02 [gentoo-server] Mailscanner or amavisd-new Pandu Poluan
                   ` (2 preceding siblings ...)
  2011-11-28 10:25 ` Mișu Moldovan
@ 2011-11-28 12:26 ` Pandu Poluan
  2011-11-28 15:22 ` [gentoo-server] " Eduardo Schoedler
  4 siblings, 0 replies; 33+ messages in thread
From: Pandu Poluan @ 2011-11-28 12:26 UTC (permalink / raw
  To: Gentoo-server@lists.gentoo.org

On Nov 28, 2011 1:02 PM, "Pandu Poluan" <pandu@poluan.info> wrote:
>
> So, here I am preparing to build a mailfiltering gateway, when I run into a dilemma:
>
> Mailscanner or amavisd-new?
>
> Any thoughts, suggestions, experiences?
>

Silly me. Just found out about this page:

http://www.postfix.org/addon.html

... and I quote:

> mailscanner system, works with Postfix and other MTAs. WARNING: This
> software uses unsupported methods to manipulate Postfix queue files
> directly. This will result in corruption or loss of mail. The mailscanner
> authors have sofar refused to discuss a proper access API or protocol.

Case solved. amavisd-new, it will be.

Thanks to everyone who has tried to answer!

Rgds,

* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-28 12:04       ` Pandu Poluan
@ 2011-11-28 13:44         ` Mișu Moldovan
  2011-11-28 14:31           ` Pandu Poluan
  0 siblings, 1 reply; 33+ messages in thread
From: Mișu Moldovan @ 2011-11-28 13:44 UTC (permalink / raw
  To: gentoo-server

On Mon, Nov 28, 2011 at 14:04, Pandu Poluan <pandu@poluan.info> wrote:
[snip]
>
> I think it's Postfix's README:
>
> http://www.postfix.org/SMTPD_PROXY_README.html
>
> That said, the above page explicitly warns about the possibility of server
> deadlock. Since this is meant to be the corporate mail gateway, I prefer the
> after-queue methods.

Ah, I see... I know that README and it is basically right. However,
even with after-queue scanning you will run into the same class of
problems and you'll have to put limits for the number of threads for
antispam scanning etc.

The main difference, speed-wise, is that with after-queue scanning the
MTA will accept and queue new mail much faster. But the delivery will
still be delayed until scanning finishes. In case of a massive flood
of mails or a malfunction of the filters, both the sender and the
receiver will be unaware of the delay.

But if you put the limits right in the before-queue antispam scanning,
there will be no delays that the sender or receiver are unaware of. In
case of a massive flood of mails, the sender's MTA will keep retrying
until reaching the limit (eg. 4 hours) when it will inform the sender
that it cannot deliver and it is still retrying. So the sender will
know that he/she must try to reach that person using other channels of
communication.

There are other related advantages in this scenario, but I will not
bore you with more details.

-- 
mișu



* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-28 13:44         ` Mișu Moldovan
@ 2011-11-28 14:31           ` Pandu Poluan
  0 siblings, 0 replies; 33+ messages in thread
From: Pandu Poluan @ 2011-11-28 14:31 UTC (permalink / raw
  To: gentoo-server

On Mon, Nov 28, 2011 at 20:44, Mișu Moldovan <dumol@gnome.org> wrote:
> On Mon, Nov 28, 2011 at 14:04, Pandu Poluan <pandu@poluan.info> wrote:
> [snip]
>>
>> I think it's Postfix's README:
>>
>> http://www.postfix.org/SMTPD_PROXY_README.html
>>
>> That said, the above page explicitly warns about the possibility of server
>> deadlock. Since this is meant to be the corporate mail gateway, I prefer the
>> after-queue methods.
>
> Ah, I see... I know that README and it is basically right. However,
> even with after-queue scanning you will run into the same class of
> problems and you'll have to put limits for the number of threads for
> antispam scanning etc.
>
> The main difference, speed-wise, is that with after-queue scanning the
> MTA will accept and queue new mail much faster. But the delivery will
> still be delayed until scanning finishes. In case of a massive flood
> of mails or a malfunction of the filters, both the sender and the
> receiver will be unaware of the delay.
>
> But if you put the limits right in the before-queue antispam scanning,
> there will be no delays that the sender or receiver are unaware of. In
> case of a massive flood of mails, the sender's MTA will keep retrying
> until reaching the limit (eg. 4 hours) when it will inform the sender
> that it cannot deliver and it is still retrying. So the sender will
> know that he/she must try to reach that person using other channels of
> communication.
>

Hmmm... you do have a point.

I'm going to study MIMEDefang.

Rgds,
-- 
FdS Pandu E Poluan
~ IT Optimizer ~

 • LOPSA Member #15248
 • Blog : http://pepoluan.tumblr.com
 • Linked-In : http://id.linkedin.com/in/pepoluan



* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-28  6:02 [gentoo-server] Mailscanner or amavisd-new Pandu Poluan
                   ` (3 preceding siblings ...)
  2011-11-28 12:26 ` [gentoo-server] " Pandu Poluan
@ 2011-11-28 15:22 ` Eduardo Schoedler
  4 siblings, 0 replies; 33+ messages in thread
From: Eduardo Schoedler @ 2011-11-28 15:22 UTC (permalink / raw
  To: gentoo-server@lists.gentoo.org

Take a look at ASSP.

--
Eduardo Schoedler
Sent via iPhone


On 28/11/2011, at 04:02, Pandu Poluan <pandu@poluan.info> wrote:

> So, here I am preparing to build a mailfiltering gateway, when I run into a dilemma:
> 
> Mailscanner or amavisd-new?
> 
> Any thoughts, suggestions, experiences?
> 
> Rgds,

* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-28 10:25 ` Mișu Moldovan
  2011-11-28 11:09   ` Alessandro Ratti
  2011-11-28 11:28   ` Hannes Erven
@ 2011-11-28 15:49   ` Pandu Poluan
  2011-11-28 16:32     ` Mișu Moldovan
  2 siblings, 1 reply; 33+ messages in thread
From: Pandu Poluan @ 2011-11-28 15:49 UTC (permalink / raw
  To: gentoo-server

On Nov 28, 2011 5:27 PM, "Mișu Moldovan" <dumol@gnome.org> wrote:
>
> On Mon, Nov 28, 2011 at 08:02, Pandu Poluan <pandu@poluan.info> wrote:
> > So, here I am preparing to build a mailfiltering gateway, when I run into a
> > dilemma:
> >
> > Mailscanner or amavisd-new?
> >
> > Any thoughts, suggestions, experiences?
>
> MIMEDefang. The above solutions only scan mails AFTER accepting them.
>

Can you point me to a resource on how to integrate MIMEDefang and Postfix?

Rgds,

* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-28 15:49   ` Pandu Poluan
@ 2011-11-28 16:32     ` Mișu Moldovan
  2011-11-28 16:50       ` Pandu Poluan
  0 siblings, 1 reply; 33+ messages in thread
From: Mișu Moldovan @ 2011-11-28 16:32 UTC (permalink / raw
  To: gentoo-server

On Mon, Nov 28, 2011 at 17:49, Pandu Poluan <pandu@poluan.info> wrote:
>
> Can you point me to a resource on how to integrate MIMEDefang and Postfix?

Think of MIMEDefang as a regular Milter filter. I think this would
apply: http://www.postfix.org/MILTER_README.html#config

-- 
mișu



* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-28 16:32     ` Mișu Moldovan
@ 2011-11-28 16:50       ` Pandu Poluan
  2011-11-28 18:27         ` Mișu Moldovan
  0 siblings, 1 reply; 33+ messages in thread
From: Pandu Poluan @ 2011-11-28 16:50 UTC (permalink / raw
  To: gentoo-server

On Nov 28, 2011 11:35 PM, "Mișu Moldovan" <dumol@gnome.org> wrote:
>
> On Mon, Nov 28, 2011 at 17:49, Pandu Poluan <pandu@poluan.info> wrote:
> >
> > Can you point me to a resource on how to integrate MIMEDefang and Postfix?
>
> Think of MIMEDefang as a regular Milter filter. I think this would
> apply: http://www.postfix.org/MILTER_README.html#config
>

Thanks! Now, any configuration guides?

Rgds,

* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-28 16:50       ` Pandu Poluan
@ 2011-11-28 18:27         ` Mișu Moldovan
  2011-11-29 12:11           ` J. Roeleveld
  0 siblings, 1 reply; 33+ messages in thread
From: Mișu Moldovan @ 2011-11-28 18:27 UTC (permalink / raw
  To: gentoo-server

On Mon, Nov 28, 2011 at 18:50, Pandu Poluan <pandu@poluan.info> wrote:
>
> On Nov 28, 2011 11:35 PM, "Mișu Moldovan" <dumol@gnome.org> wrote:
>>
>> On Mon, Nov 28, 2011 at 17:49, Pandu Poluan <pandu@poluan.info> wrote:
>> >
>> > Can you point me to a resource on how to integrate MIMEDefang and
>> > Postfix?
>>
>> Think of MIMEDefang as a regular Milter filter. I think this would
>> apply: http://www.postfix.org/MILTER_README.html#config
>>
>
> Thanks! Now, any configuration guides?

Heh, I actually wrote a whitepaper on the subject back in the day...
But it was geared to the admins of a commercial MTA and that
documentation is private and copyrighted by my former employee.

The general idea is that scanning mail before accepting it gives you a
lot of flexibility in rejecting spam, viruses and other unwanted junk.
Phishing doesn't hurt anymore, you don't bounce mail, you don't
discard it and you don't quarantine it. False positives result in a
NDR being generated by the MTA of the sender, so they are guaranteed
to reach the real sender (in case one exists, of course).

MIMEDefang's configuration is actually a Perl script which gives you a
lot of flexibility in dealing with external filters, adding custom
rules etc. The default filter is pretty lame as far as I remember, but
there are plenty of rich examples on the Internet. I would suggest
using combined blacklists extensively before scanning and to not
accept mail with high spam scores. Also, a good idea is to block
extensions such as exe, pif, bat (in zip files also) before scanning
for viruses (if such a scan is really needed).

HTH,

-- 
mișu



* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-28 18:27         ` Mișu Moldovan
@ 2011-11-29 12:11           ` J. Roeleveld
  2011-11-29 13:22             ` Vinícius Ferrão
  0 siblings, 1 reply; 33+ messages in thread
From: J. Roeleveld @ 2011-11-29 12:11 UTC (permalink / raw
  To: gentoo-server

On Mon, November 28, 2011 7:27 pm, Mișu Moldovan wrote:
<SNIPPED>
> Also, a good idea is to block
> extensions such as exe, pif, bat (in zip files also) before scanning
> for viruses (if such a scan is really needed).

I disagree. There are valid reasons to send "*.exe" and "*.bat" files via
email. Braindead filters on extensions only cause problems.

--
Joost




* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-29 12:11           ` J. Roeleveld
@ 2011-11-29 13:22             ` Vinícius Ferrão
  2011-11-29 13:36               ` Pandu Poluan
                                 ` (2 more replies)
  0 siblings, 3 replies; 33+ messages in thread
From: Vinícius Ferrão @ 2011-11-29 13:22 UTC (permalink / raw
  To: gentoo-server

Agreed.

Filtering Windows executables will only make the system admin to be recognized as an asshole and windows-hater.

On Nov 29, 2011, at 10:11 AM, J. Roeleveld wrote:

> On Mon, November 28, 2011 7:27 pm, Mișu Moldovan wrote:
> <SNIPPED>
>> Also, a good idea is to block
>> extensions such as exe, pif, bat (in zip files also) before scanning
>> for viruses (if such a scan is really needed).
> 
> I disagree. There are valid reasons to send "*.exe" and "*.bat" files via
> email. Braindead filters on extensions only cause problems.
> 
> --
> Joost
> 
> 


* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-29 13:22             ` Vinícius Ferrão
@ 2011-11-29 13:36               ` Pandu Poluan
  2011-11-29 14:08                 ` J. Roeleveld
  2011-11-29 14:04               ` J. Roeleveld
  2011-11-29 14:22               ` Alessandro Storti Gajani
  2 siblings, 1 reply; 33+ messages in thread
From: Pandu Poluan @ 2011-11-29 13:36 UTC (permalink / raw
  To: gentoo-server

On Nov 29, 2011 8:25 PM, "Vinícius Ferrão" <viniciusferrao@cc.if.ufrj.br> wrote:
>
> Agreed.
>
> Filtering Windows executables will only make the system admin to be recognized as an asshole and windows-hater.
>
> On Nov 29, 2011, at 10:11 AM, J. Roeleveld wrote:
>
> > On Mon, November 28, 2011 7:27 pm, Mișu Moldovan wrote:
> > <SNIPPED>
> >> Also, a good idea is to block
> >> extensions such as exe, pif, bat (in zip files also) before scanning
> >> for viruses (if such a scan is really needed).
> >
> > I disagree. There are valid reasons to send "*.exe" and "*.bat" files via
> > email. Braindead filters on extensions only cause problems.
> >

With my current setup, I already block .exe, .pif, .com, .lnk, .scr, and
their ilks.

But I do allow .zip and .rar, though.

Rgds,

* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-29 13:22             ` Vinícius Ferrão
  2011-11-29 13:36               ` Pandu Poluan
@ 2011-11-29 14:04               ` J. Roeleveld
  2011-11-29 18:02                 ` Mișu Moldovan
  2011-11-29 18:26                 ` kashani
  2011-11-29 14:22               ` Alessandro Storti Gajani
  2 siblings, 2 replies; 33+ messages in thread
From: J. Roeleveld @ 2011-11-29 14:04 UTC (permalink / raw
  To: gentoo-server

On Tue, November 29, 2011 2:22 pm, Vinícius Ferrão wrote:
> Agreed.
>
> Filtering Windows executables will only make the system admin to be
> recognized as an asshole and windows-hater.

I wouldn't class him/her as an ***hole or *******-hater.
Simply as an incompetent braindead hobbyist who doesn't know what he/she
is doing.

Sadly, my ISP filters those on outgoing emails. Which makes it difficult
for me to send stuff to friends/colleagues who know how to handle these
things.

--
Joost




* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-29 13:36               ` Pandu Poluan
@ 2011-11-29 14:08                 ` J. Roeleveld
  2011-11-29 14:20                   ` Pandu Poluan
  0 siblings, 1 reply; 33+ messages in thread
From: J. Roeleveld @ 2011-11-29 14:08 UTC (permalink / raw
  To: gentoo-server

On Tue, November 29, 2011 2:36 pm, Pandu Poluan wrote:
> On Nov 29, 2011 8:25 PM, "Vinícius Ferrão" <viniciusferrao@cc.if.ufrj.br> wrote:
>>
>> Agreed.
>>
>> Filtering Windows executables will only make the system admin to be
>> recognized as an asshole and windows-hater.
>>
>> On Nov 29, 2011, at 10:11 AM, J. Roeleveld wrote:
>>
>> > On Mon, November 28, 2011 7:27 pm, Mișu Moldovan wrote:
>> > <SNIPPED>
>> >> Also, a good idea is to block
>> >> extensions such as exe, pif, bat (in zip files also) before scanning
>> >> for viruses (if such a scan is really needed).
>> >
>> > I disagree. There are valid reasons to send "*.exe" and "*.bat" files via
>> > email. Braindead filters on extensions only cause problems.
>> >
>
> With my current setup, I already block .exe, .pif, .com, .lnk, .scr, and
> their ilks.
>
> But I do allow .zip and .rar, though.

Do you have a good reason to block on extensions?
Virus-scanners work quite nicely already and are not fooled by changing
the extensions.

I have received viruses where the email contained instructions to change
the extension to .exe. Filtering on extension will not stop those.

--
Joost
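
The two positions argued in this sub-thread (reject by file extension, zip members included, versus relying on what the file actually contains) can be compared side by side. The Python sketch below is an added example, not code from any poster and not MIMEDefang's filter language; it goes one step beyond the extension list by also checking the leading bytes of each attachment. All function names are hypothetical and the sample messages are constructed.

```python
"""Attachment policy check by extension and by content (constructed example)."""
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the thread: exe, pif, bat, com, lnk, scr.
BLOCKED_EXT = {".exe", ".pif", ".bat", ".com", ".lnk", ".scr"}
MAX_ZIP_MEMBERS = 1000  # assumed cap so a hostile archive cannot stall the scan

def ext_of(name):
    """Lower-cased extension; trailing dots/spaces (ignored by Windows) removed."""
    return os.path.splitext(name.rstrip(". "))[1].lower()

def is_pe(head):
    """DOS/Windows PE executables begin with the two bytes 'MZ'."""
    return head[:2] == b"MZ"

def scan_zip(data, outer):
    """Check member names and the first bytes of each member of a zip archive."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [f"{outer}: unreadable zip archive"]
    findings = []
    with zf:
        members = [i for i in zf.infolist() if not i.is_dir()]
        if len(members) > MAX_ZIP_MEMBERS:
            return [f"{outer}: too many archive members"]
        for info in members:
            label = f"{outer}!{info.filename}"
            if ext_of(info.filename) in BLOCKED_EXT:
                findings.append(f"{label}: blocked extension")
                continue
            try:
                with zf.open(info) as fh:
                    head = fh.read(2)  # two bytes only, never the whole member
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                findings.append(f"{label}: cannot inspect (encrypted or damaged)")
                continue
            if is_pe(head):
                findings.append(f"{label}: executable content")
    return findings

def scan_message(raw):
    """Return a list of policy findings for one RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name is None and part.get_content_maintype() == "text":
            continue  # inline body text, not an attachment
        name = name or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if ext_of(name) in BLOCKED_EXT:
            findings.append(f"{name}: blocked extension")
        elif is_pe(data):
            findings.append(f"{name}: executable content")  # renamed .exe
        elif zipfile.is_zipfile(io.BytesIO(data)):
            findings.extend(scan_zip(data, name))
    return findings

def verdict(raw):
    """('reject', findings) if any attachment violates the policy, else ('accept', [])."""
    findings = scan_message(raw)
    return ("reject" if findings else "accept", findings)

def build(filename, payload):
    """Constructed sample message with one binary attachment."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.org", "rcpt@example.net"
    m["Subject"] = "constructed sample"
    m.set_content("See attachment.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

def make_zip(members):
    """Constructed zip archive from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    for fname, body in [("report.pdf", b"%PDF-1.4 constructed"),
                        ("photo.jpg", b"MZ\x90\x00constructed"),  # renamed executable
                        ("run.txt", b"@echo off\r\n")]:           # renamed script
        print(fname, verdict(build(fname, body)))
```

A batch file renamed to .txt is accepted by this check because scripts carry no magic bytes, which is the case where neither an extension list nor a header sniff replaces a real scanner.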




* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-29 14:08                 ` J. Roeleveld
@ 2011-11-29 14:20                   ` Pandu Poluan
  0 siblings, 0 replies; 33+ messages in thread
From: Pandu Poluan @ 2011-11-29 14:20 UTC (permalink / raw
  To: gentoo-server

On Nov 29, 2011 9:10 PM, "J. Roeleveld" <joost@antarean.org> wrote:
>
> On Tue, November 29, 2011 2:36 pm, Pandu Poluan wrote:
> > On Nov 29, 2011 8:25 PM, "Vinícius Ferrão" <viniciusferrao@cc.if.ufrj.br> wrote:
> >>
> >> Agreed.
> >>
> >> Filtering Windows executables will only make the system admin to be
> >> recognized as an asshole and windows-hater.
> >>
> >> On Nov 29, 2011, at 10:11 AM, J. Roeleveld wrote:
> >>
> >> > On Mon, November 28, 2011 7:27 pm, Mișu Moldovan wrote:
> >> > <SNIPPED>
> >> >> Also, a good idea is to block
> >> >> extensions such as exe, pif, bat (in zip files also) before scanning
> >> >> for viruses (if such a scan is really needed).
> >> >
> >> > I disagree. There are valid reasons to send "*.exe" and "*.bat" files via
> >> > email. Braindead filters on extensions only cause problems.
> >> >
> >
> > With my current setup, I already block .exe, .pif, .com, .lnk, .scr, and
> > their ilks.
> >
> > But I do allow .zip and .rar, though.
>
> Do you have a good reason to block on extensions?
> Virus-scanners work quite nicely already and are not fooled by changing
> the extensions.
>
> I have received viruses where the email contained instructions to change
> the extension to .exe. Filtering on extension will not stop those.
>

Because some other mail servers reject those files, and my lusers are too,
uh, intelligence-challenged to understand the simple error message returned
by the receiving server. Some are even so brain-dead to totally ignore any
server error message.

So, I outright block those attachments. Now, offending emails got rejected
during SMTP submission, and the lusers have to take action instead of
ignoring the issue.

Rgds,

* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-29 13:22             ` Vinícius Ferrão
  2011-11-29 13:36               ` Pandu Poluan
  2011-11-29 14:04               ` J. Roeleveld
@ 2011-11-29 14:22               ` Alessandro Storti Gajani
  2011-11-30  7:35                 ` J. Roeleveld
  2 siblings, 1 reply; 33+ messages in thread
From: Alessandro Storti Gajani @ 2011-11-29 14:22 UTC (permalink / raw
  To: gentoo-server

Or perhaps like someone who knows his users are going to open every
single exe or such they get.

I do block all that stuff with Mailscanner and since I've done it the
number of problems has dramatically decreased.

Regards

On 11/29/2011 02:22 PM, Vinícius Ferrão wrote:
> Agreed.
> 
> Filtering Windows executables will only make the system admin to be recognized as an asshole and windows-hater.
> 
> On Nov 29, 2011, at 10:11 AM, J. Roeleveld wrote:
> 
>> On Mon, November 28, 2011 7:27 pm, Mișu Moldovan wrote:
>> <SNIPPED>
>>> Also, a good idea is to block
>>> extensions such as exe, pif, bat (in zip files also) before scanning
>>> for viruses (if such a scan is really needed).
>>
>> I disagree. There are valid reasons to send "*.exe" and "*.bat" files via
>> email. Braindead filters on extensions only cause problems.
>>
>> --
>> Joost
>>
>>
> 

-- 
Alessandro Storti Gajani
Politecnico di Milano - Dipartimento di Ingegneria Strutturale

E-Mail: alex@stru.polimi.it
	alessandro.stortigajani@polimi.it

Tel. +39 02 2399 4313

		Marching down the left hand path...



* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-29 14:04               ` J. Roeleveld
@ 2011-11-29 18:02                 ` Mișu Moldovan
  2011-11-30  7:38                   ` J. Roeleveld
  2011-11-29 18:26                 ` kashani
  1 sibling, 1 reply; 33+ messages in thread
From: Mișu Moldovan @ 2011-11-29 18:02 UTC (permalink / raw
  To: gentoo-server

On Tue, Nov 29, 2011 at 16:04, J. Roeleveld <joost@antarean.org> wrote:
> On Tue, November 29, 2011 2:22 pm, Vinícius Ferrão wrote:
>> Agreed.
>>
>> Filtering Windows executables will only make the system admin to be
>> recognized as an asshole and windows-hater.
>
> I wouldn't class him/her as an ***hole or *******-hater.
> Simply as an incompetent braindead hobbyist who doesn't know what he/she
> is doing.
[snip]

Judging it this way, I see Gmail is also run by a horde of incompetent
braindead hobbyists who don't know what they are doing... :)

-- 
mișu



* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-29 14:04               ` J. Roeleveld
  2011-11-29 18:02                 ` Mișu Moldovan
@ 2011-11-29 18:26                 ` kashani
  2011-11-29 18:48                   ` Pandu Poluan
  1 sibling, 1 reply; 33+ messages in thread
From: kashani @ 2011-11-29 18:26 UTC (permalink / raw
  To: gentoo-server

On 11/29/2011 6:04 AM, J. Roeleveld wrote:
> On Tue, November 29, 2011 2:22 pm, Vinícius Ferrão wrote:
>> Agreed.
>>
>> Filtering Windows executables will only make the system admin to be
>> recognized as an asshole and windows-hater.
>
> I wouldn't class him/her as an ***hole or *******-hater.
> Simply as an incompetent braindead hobbyist who doesn't know what he/she
> is doing.
>
> Sadly, my ISP filters those on outgoing emails. Which makes it difficult
> for me to send stuff to friends/colleagues who know how to handle these
> things.

	Meh, I'd consider your point of view if the bad *.exe to good ratio 
weren't somewhere in the vicinity of a million to 1. No point in wasting 
the cycles passing them to AV when you can just reject them. The one 
user you're likely to affect can use dropbox, http, ftp, etc.

kashani




* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-29 18:26                 ` kashani
@ 2011-11-29 18:48                   ` Pandu Poluan
  2011-11-30  7:44                     ` J. Roeleveld
  0 siblings, 1 reply; 33+ messages in thread
From: Pandu Poluan @ 2011-11-29 18:48 UTC (permalink / raw
  To: gentoo-server

On Nov 30, 2011 1:29 AM, "kashani" <kashani-list@badapple.net> wrote:
>
> On 11/29/2011 6:04 AM, J. Roeleveld wrote:
>>
>> On Tue, November 29, 2011 2:22 pm, Vinícius Ferrão wrote:
>>>
>>> Agreed.
>>>
>>> Filtering Windows executables will only make the system admin to be
>>> recognized as an asshole and windows-hater.
>>
>>
>> I wouldn't class him/her as an ***hole or *******-hater.
>> Simply as an incompetent braindead hobbyist who doesn't know what he/she
>> is doing.
>>
>> Sadly, my ISP filters those on outgoing emails. Which makes it difficult
>> for me to send stuff to friends/colleagues who know how to handle these
>> things.
>
>
> Meh, I'd consider your point of view if the bad *.exe to good
> ratio weren't somewhere in the vicinity of a million to 1. No point in
> wasting the cycles passing them to AV when you can just reject them. The
> one user you're likely to affect can use dropbox, http, ftp, etc.
>

True.  How so very true. It took me more than one year to train my BoD to
stop sending huge files (10MB+) using email. Almost two years to train the
lusers to distrust attachments, and act reciprocally (i.e., to not send
*.exe files unwrapped).

It's been a hard job trying to turn the lusers into sheeples, but
satisfying when they finally "see the light", so to speak. :-)

(And you can easily see that I've been reading too much BOFH)

Rgds,


* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-29 14:22               ` Alessandro Storti Gajani
@ 2011-11-30  7:35                 ` J. Roeleveld
  2011-11-30  9:46                   ` Mișu Moldovan
  0 siblings, 1 reply; 33+ messages in thread
From: J. Roeleveld @ 2011-11-30  7:35 UTC (permalink / raw
  To: gentoo-server

On Tue, November 29, 2011 3:22 pm, Alessandro Storti Gajani wrote:
> Or perhaps like someone who knows his users are going to open every
> single exe or such they get.
>
> I do block all that stuff with Mailscanner and since I've done it the
> number of problems has dramatically decreased.
>
> Regards

That's what virusscanners and restrictive policies on the desktop are for.
Simply blocking files for all users, including the ones with technical
roles, causes too many problems.

--
Joost





* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-29 18:02                 ` Mișu Moldovan
@ 2011-11-30  7:38                   ` J. Roeleveld
  2011-11-30  8:02                     ` Pandu Poluan
  0 siblings, 1 reply; 33+ messages in thread
From: J. Roeleveld @ 2011-11-30  7:38 UTC (permalink / raw
  To: gentoo-server

On Tue, November 29, 2011 7:02 pm, Mișu Moldovan wrote:
> On Tue, Nov 29, 2011 at 16:04, J. Roeleveld <joost@antarean.org> wrote:
>> On Tue, November 29, 2011 2:22 pm, Vinícius Ferrão wrote:
>>> Agreed.
>>>
>>> Filtering Windows executables will only make the system admin to be
>>> recognized as an asshole and windows-hater.
>>
>> I wouldn't class him/her as an ***hole or *******-hater.
>> Simply as an incompetent braindead hobbyist who doesn't know what he/she
>> is doing.
> [snip]
>
> Judging it this way, I see Gmail is also run by a horde of incompetent
> braindead hobbyists who don't know what they are doing... :)

Interesting, I haven't noticed executables being blocked by GMail.

Will need to test that.

--
Joost





* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-29 18:48                   ` Pandu Poluan
@ 2011-11-30  7:44                     ` J. Roeleveld
  0 siblings, 0 replies; 33+ messages in thread
From: J. Roeleveld @ 2011-11-30  7:44 UTC (permalink / raw
  To: gentoo-server

On Tue, November 29, 2011 7:48 pm, Pandu Poluan wrote:
> On Nov 30, 2011 1:29 AM, "kashani" <kashani-list@badapple.net> wrote:
>>
>> On 11/29/2011 6:04 AM, J. Roeleveld wrote:
>>>
>>> On Tue, November 29, 2011 2:22 pm, Vinícius Ferrão wrote:
>>>>
>>>> Agreed.
>>>>
>>>> Filtering Windows executables will only make the system admin to be
>>>> recognized as an asshole and windows-hater.
>>>
>>>
>>> I wouldn't class him/her as an ***hole or *******-hater.
>>> Simply as an incompetent braindead hobbyist who doesn't know what
>>> he/she
>>> is doing.
>>>
>>> Sadly, my ISP filters those on outgoing emails. Which makes it
>>> difficult
>>> for me to send stuff to friends/colleagues who know how to handle these
>>> things.
>>
>>
>> Meh, I'd consider your point of view if the bad *.exe to good
>> ratio weren't somewhere in the vicinity of a million to 1. No point in
>> wasting the cycles passing them to AV when you can just reject them. The
>> one user you're likely to affect can use dropbox, http, ftp, etc.
>>
>
> True.  How so very true. It took me more than one year to train my BoD to
> stop sending huge files (10MB+) using email. Almost two years to train the
> lusers to distrust attachments, and act reciprocally (i.e., to not send
> *.exe files unwrapped).
>
> It's been a hard job trying to turn the lusers into sheeples, but
> satisfying when they finally "see the light", so to speak. :-)

True, but my problem with these policies is that they are set for all
users. Including the technically savvy who know what to trust and what not
to trust.
If I'm trying to help someone solve a problem, I might simply want to
quickly send a patched version of a file.

Wrapping them into a *.zip file is annoying, but ok. Problems start when
that trick doesn't work either.

> (And you can easily see that I've been reading too much BOFH)

BOFH stories are fun.

--
Joost





* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-30  7:38                   ` J. Roeleveld
@ 2011-11-30  8:02                     ` Pandu Poluan
  0 siblings, 0 replies; 33+ messages in thread
From: Pandu Poluan @ 2011-11-30  8:02 UTC (permalink / raw
  To: gentoo-server

On Nov 30, 2011 2:39 PM, "J. Roeleveld" <joost@antarean.org> wrote:
>
> On Tue, November 29, 2011 7:02 pm, Mișu Moldovan wrote:
> > On Tue, Nov 29, 2011 at 16:04, J. Roeleveld <joost@antarean.org> wrote:
> >> On Tue, November 29, 2011 2:22 pm, Vinícius Ferrão wrote:
> >>> Agreed.
> >>>
> >>> Filtering Windows executables will only make the system admin to be
> >>> recognized as an asshole and windows-hater.
> >>
> >> I wouldn't class him/her as an ***hole or *******-hater.
> >> Simply as an incompetent braindead hobbyist who doesn't know what he/she
> >> is doing.
> > [snip]
> >
> > Judging it this way, I see Gmail is also run by a horde of incompetent
> > braindead hobbyists who don't know what they are doing... :)
>
> Interesting, I haven't noticed executables being blocked by GMail.
>
> Will need to test that.
>

Not only that; if you wrap the executable inside a non-passworded zip or
rar, it will be rejected.

Rgds,


* Re: [gentoo-server] Mailscanner or amavisd-new
  2011-11-30  7:35                 ` J. Roeleveld
@ 2011-11-30  9:46                   ` Mișu Moldovan
  0 siblings, 0 replies; 33+ messages in thread
From: Mișu Moldovan @ 2011-11-30  9:46 UTC (permalink / raw
  To: gentoo-server

On Wed, Nov 30, 2011 at 09:35, J. Roeleveld <joost@antarean.org> wrote:
>
> That's what virusscanners and restrictive policies on the desktop are for.
> Simply blocking files for all users, including the ones with technical
> roles, causes too many problems.

Technical people may encrypt their mail or at least encrypt archives
attached to their mail if it includes files with such extensions.
Hell, it's enough to rename file mywork.exe to mywork.ex_ when
attaching it to circumvent such filtering. Is this too much for people
with technical roles? Even Microsoft preaches this approach, take a
look at http://office.microsoft.com/en-us/outlook-help/blocked-attachments-in-outlook-HA001229952.aspx

In practice I found AV filters to be the most problematic filters at
the gateway level, at least in the Linux world. Blocking these
extensions (it's a long list, take a look at the previous link) almost
obsoletes AV filtering at the MTA level. Of course, there is malware
inside PDFs and JPEGs these days but I think it's better to scan for
such malware on the desktop. Some products also scan for phishing,
scams and other unwanted junk but SpamAssassin does a better overall
job in this regard.

-- 
mișu
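
An added example, not part of the thread: a Python sketch of the gateway-side attachment policy the messages above argue about. It checks the filename extension, the member names of zip archives, and the file content (the `MZ` header), so an executable is still recognised after a rename such as mywork.ex_. The blocklist, function names and sample messages are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed short blocklist for this example; real lists are much longer.
BLOCKED_EXT = {".exe", ".scr", ".com", ".bat", ".pif"}

def _ext(name):
    """Lower-cased extension of a filename, including the dot ('' if none)."""
    name = (name or "").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def check_part(filename, data):
    """Return the reasons to reject one attachment (empty list = pass)."""
    reasons = []
    if _ext(filename) in BLOCKED_EXT:
        reasons.append(f"blocked extension: {filename}")
    if data[:2] == b"MZ":  # DOS/PE header: executable content whatever the name
        reasons.append(f"executable content: {filename}")
    if data[:4] == b"PK\x03\x04":  # zip archive: inspect the member names
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if _ext(info.filename) in BLOCKED_EXT:
                        reasons.append(
                            f"blocked member in {filename}: {info.filename}")
        except zipfile.BadZipFile:
            reasons.append(f"malformed archive: {filename}")
    return reasons

def check_message(raw):
    """Apply check_part to every attachment of a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        reasons += check_part(part.get_filename(), data)
    return reasons

def build_sample(filename, data):
    """Constructed test message carrying a single attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.org", "b@example.org", "file"
    msg.set_content("see attachment")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

The extension check alone passes the renamed file; the content check is what still flags it.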


