[Dovecot] 64.31.19.48 attempt to break into my computer
Robert Schetterer
robert at schetterer.org
Fri Sep 23 16:45:01 EEST 2011
On 23.09.2011 15:13, Stan Hoeppner wrote:
> On 9/22/2011 9:42 AM, Robert Schetterer wrote:
>
>> why not simply use clamav-milter with sanesecurity sigs
>> ( works like a charm here )
>> so the stuff doesn't ever pass into mailboxes; if you don't like reject, then
>> hold for manual human admin interaction
>
> Seems to me this could be done pretty easily with a PCRE/regexp body
> filter in Postfix, assuming the credentials follow a strict pattern.
> Apply it to the submission daemon stream and redirect the mail with a
> filter action to an admin mailbox. I've not written such a thing myself
> but it seems it would be pretty straightforward.
>
why that difficult?
clamav-milter is able to hold mail; simply configure some monitor script
alarming the admin when x number of mails are in the hold queue
so he may delete or unhold them after inspection. I do monitoring i.e.
with bb-clone xymon
anyway, monitoring postfix queues is always nice to have
from clamav-milter.conf:

ACTIONS
The following group of options controls the delivery process
under different circumstances. The following actions are available:
- Accept: The message is accepted for delivery
- Reject: Immediately refuse delivery (a 5xx error is returned to the peer)
- Defer: Return a temporary failure message (4xx) to the peer
- Blackhole (not available for OnFail): Like Accept but the message is sent to oblivion
- Quarantine (not available for OnFail): Like Accept but message is quarantined instead of being delivered. NOTE: In Sendmail the quarantine queue can be examined via mailq -qQ. For Postfix this causes the message to be placed on hold.
--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
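
Added example, not part of the original message: one way to write the hold-queue monitor described above, counting held messages in `postqueue -p` output and alerting at a threshold. The function names, the threshold values and the sample queue listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: alert when the Postfix hold queue reaches a threshold.
# Assumes clamav-milter is set to quarantine (e.g. "OnInfected Quarantine"),
# which Postfix implements by placing the message on hold.

# count_held: read `postqueue -p` output on stdin, print the number of held
# messages. In that listing a queue ID followed by "!" is on hold ("*" = active).
count_held() {
    awk '/^[0-9A-Za-z]+!/ { n++ } END { print n + 0 }'
}

# check_hold_queue THRESHOLD: read the listing on stdin, print a status line,
# return 1 when the held count has reached THRESHOLD, 0 otherwise.
check_hold_queue() {
    threshold=$1
    held=$(count_held)
    if [ "$held" -ge "$threshold" ]; then
        echo "ALERT: $held message(s) on hold (threshold $threshold)"
        return 1
    fi
    echo "OK: $held message(s) on hold (threshold $threshold)"
}

# Constructed sample of `postqueue -p` output: two held, one active message.
SAMPLE_QUEUE='-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5!     2048 Fri Sep 23 15:10:02  sender@example.com
                                         user1@example.net

F6E5D4C3B2*     1024 Fri Sep 23 15:11:40  other@example.com
                                         user2@example.net

0A1B2C3D4E!     4096 Fri Sep 23 15:12:15  third@example.com
                                         user3@example.net

-- 7 Kbytes in 3 Requests.'

# Demo on the sample. On a real server, feed it the live queue instead, e.g.
# from cron:  postqueue -p | check_hold_queue 10
# and let a non-zero exit status trigger the admin notification.
printf '%s\n' "$SAMPLE_QUEUE" | check_hold_queue 5 || true
```

The non-zero exit status on alert lets a monitoring system such as Xymon or a cron wrapper pick up the condition without parsing the status line.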