[vox-tech] postfix question: content inspection for junk elimination

Henry House hajhouse at houseag.com
Thu Jun 10 11:24:06 PDT 2004 

I am using Postfix 2.0.16 to send and receive mail on wotan.hajhouse.org for
my several domains. I am using the content inspection mechanism
(header_checks, body_checks, etc) to identify spam and other junk messages
by regexps (PCRE) in order to reject such messages at SMTP time. This is
nice because it is very fast and avoids the extra CPU time and memory that
an external filter would require. I have some issues:

1. HTML-format messages

	I want to reject all messages that contain only a text/html part and not
	a text/plain alternative. That means that either there is a single
	attachment of type text/html or that there is a multipart/alternative
	attachment containing a single text/html subpart. In my experience, all
	such messages are junk.

	On the other hand, legitimate messages from clueless people who send in
	HTML format invariably consist of a multipart/alternative wrapper
	containing a text/html part and a text/plain part, the latter being the
	former minus HTML formatting cruft.

	Were it up to me, I would reject all HTML messages, including the
	legitimate ones above, since I consider HTML mail an abomination and a
	waste of bandwidth. But some people actually like lots of busy formatting
	in their e-mail and some do not know how to turn it off. Hardly anyone
	reads the informative bounce messages that wotan.hajhouse.org produces.

	So I want to reject the first class of messages described above, but
	accept the second, possibly returning a non-fatal warning to the sender.
	Any ideas?

2. Zip attachments

	I am also rejecting all zip files. This has so far been fine, since all
	zip files received for the last few months have been viruses. But surely
	there is a better way, other than blocking based on known virus
	signatures. Perhaps accepting zipfiles from people who have previously
	send us mail, but not from random senders. But how to do that? Can
	patterns be made conditional on the sender's address using buildin
	postfix mechanisms or do I need an external scanner like SpamAssassin?

	I usually ask people to send tarballs instead of zipfiles. Can popular
	DOS compression programs create tarballs?

-- 
Henry House
Please don't sent me HTML mail! My mail system will reject it.
The unintelligible text that may follow is a digital signature.
See <http://hajhouse.org/pgp> to find out how to use it.
My OpenPGP key: <http://hajhouse.org/hajhouse.asc>.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://rod.livepenguin.com/pipermail/vox-tech/attachments/20040610/ea8f25a1/attachment.bin

More information about the vox-tech mailing list