From: Dennis Carr on


On Fri, 6 Aug 2010, JunkYardMail1(a)Verizon.net wrote:

> See Zip Attachment
>

I see it. What is this?

-Dennis

From: Jacqui Caren-home on
Udo Rader wrote:
> On 08/07/2010 05:40 AM, Dennis Carr wrote:
>>
>> On Fri, 6 Aug 2010, JunkYardMail1(a)Verizon.net wrote:
>>
>>> See Zip Attachment

I assumed this was a infection generated zip file...
I certainly had no intention of looking at it and from the email profile it would have been bounced by work systems as "too risky".

Q: Does *anyone* post zip files to this mailing list?

I see no reason why anyone would want to as most sensible folks tend to upload code and log snippets to an ftp/web site and provide a link.

So would it be sensible/possible to reject any list posts that include zip/bin/exe/scr/pif/... attachements?

Jacqui

From: Noel Jones on
On 8/10/2010 2:59 AM, Jacqui Caren-home wrote:
> Udo Rader wrote:
>> On 08/07/2010 05:40 AM, Dennis Carr wrote:
>>>
>>> On Fri, 6 Aug 2010, JunkYardMail1(a)Verizon.net wrote:
>>>
>>>> See Zip Attachment
>
> I assumed this was a infection generated zip file...
> I certainly had no intention of looking at it and from the
> email profile it would have been bounced by work systems as
> "too risky".
>
> Q: Does *anyone* post zip files to this mailing list?

Yes, zip files are allowed on this list and are not terribly
unusual.

But if the entire description is something like "check this
out", only the most foolish^Wadventurous will actually open them.


>
> I see no reason why anyone would want to as most sensible
> folks tend to upload code and log snippets to an ftp/web site
> and provide a link.

On this list it's customary to post log snippets and code
references in-line so people trying to help don't have to
search all over to find needed information. Large attachments
-- such as a tcpdump recording -- are frequently zipped;
nothing wrong with that.

But the original announcement from this thread should have
been a description of the project purpose, with a link to more
information and the code.


>
> So would it be sensible/possible to reject any list posts that
> include zip/bin/exe/scr/pif/... attachements?

Your server, your rules; reject whatever you want. Postfix
announcements will be text-only, so you are unlikely to miss
anything terribly important. But zip files are not always evil.

>
> Jacqui


-- Noel Jones

From: Jose Ildefonso Camargo Tolosa on
Hi!

On Tue, Aug 10, 2010 at 8:33 AM, Noel Jones <njones(a)megan.vbhcs.org> wrote:
> On 8/10/2010 2:59 AM, Jacqui Caren-home wrote:
>>
>> Udo Rader wrote:
>>>
>>> On 08/07/2010 05:40 AM, Dennis Carr wrote:
>>>>
>>>> On Fri, 6 Aug 2010, JunkYardMail1(a)Verizon.net wrote:
>>>>
>>>>> See Zip Attachment
>>
>> I assumed this was a infection generated zip file...
>> I certainly had no intention of looking at it and from the
>> email profile it would have been bounced by work systems as
>> "too risky".
>>
>> Q: Does *anyone* post zip files to this mailing list?
>
> Yes, zip files are allowed on this list and are not terribly unusual.
>
> But if the entire description is something like "check this out", only the
> most foolish^Wadventurous will actually open them.

Yes, it is better to describe your zip file, so that people feel more
comfortable, and off course, to allow people to decide whether or not
they need to open it (maybe someone is just not interested).

>
>
>>
>> I see no reason why anyone would want to as most sensible
>> folks tend to upload code and log snippets to an ftp/web site
>> and provide a link.
>
> On this list it's customary to post log snippets and code references in-line
> so people trying to help don't have to search all over to find needed
> information.  Large attachments -- such as a tcpdump recording -- are
> frequently zipped; nothing wrong with that.
>
> But the original announcement from this thread should have been a
> description of the project purpose, with a link to more information and the
> code.

I believe that just a description, and the intention of posting it
here: want an opinion, want to get it included with postfix, who
knows!

>
>
>>
>> So would it be sensible/possible to reject any list posts that
>> include zip/bin/exe/scr/pif/... attachements?
>
> Your server, your rules; reject whatever you want.  Postfix announcements
> will be text-only, so you are unlikely to miss anything terribly important.
>  But zip files are not always evil.

I personally doesn't reject any type of file, but *do* run anti-virus,
and any infected files are removed, but that's me, there are sites
that want everything filtered! (no exe, no zip, no rar, no tar, no
pif, no com (who use .com files today?)), but there is a time when
they receive a virus in the format of, say, a text string that
exploits a bug on the video driver! (I think this actually happened in
the past), so, all of that filtering for nothing.

I find it foolish to start filtering everything, just because a small
rate of that kind of file *may* be evil: it is like if you don't allow
people go to your office with laptops, because they can hook-up to
your network and steal information from your intranet (if you want to
prevent this, authenticate network ports with 802.1x or something like
that, don't use wifi, and off course, secure your intranet's
servers!).

Sorry if part of this gets off-topic, but this kind of discussion is
always interesting.

>
>>
>> Jacqui
>
>
>  -- Noel Jones
>

Ildefonso

From: "Mark Scholten" on


> -----Original Message-----
> From: owner-postfix-users(a)postfix.org [mailto:owner-postfix-
> users(a)postfix.org] On Behalf Of Jose Ildefonso Camargo Tolosa
> Sent: Tuesday, August 10, 2010 11:12 PM
> To: postfix users
> Subject: Re: Postfix MX Real-Time Anit-SPAM Firewall
>
> Hi!
>
> On Tue, Aug 10, 2010 at 8:33 AM, Noel Jones <njones(a)megan.vbhcs.org>
> wrote:
> > On 8/10/2010 2:59 AM, Jacqui Caren-home wrote:
> >>
> >> Udo Rader wrote:
> >>>
> >>> On 08/07/2010 05:40 AM, Dennis Carr wrote:
> >>>>
> >>>> On Fri, 6 Aug 2010, JunkYardMail1(a)Verizon.net wrote:
> >>>>
> >>>>> See Zip Attachment
> >>
> >> I assumed this was a infection generated zip file...
> >> I certainly had no intention of looking at it and from the
> >> email profile it would have been bounced by work systems as
> >> "too risky".
> >>
> >> Q: Does *anyone* post zip files to this mailing list?
> >
> > Yes, zip files are allowed on this list and are not terribly unusual.
> >
> > But if the entire description is something like "check this out",
> only the
> > most foolish^Wadventurous will actually open them.
>
> Yes, it is better to describe your zip file, so that people feel more
> comfortable, and off course, to allow people to decide whether or not
> they need to open it (maybe someone is just not interested).
>
> >
> >
> >>
> >> I see no reason why anyone would want to as most sensible
> >> folks tend to upload code and log snippets to an ftp/web site
> >> and provide a link.
> >
> > On this list it's customary to post log snippets and code references
> in-line
> > so people trying to help don't have to search all over to find needed
> > information.  Large attachments -- such as a tcpdump recording -- are
> > frequently zipped; nothing wrong with that.
> >
> > But the original announcement from this thread should have been a
> > description of the project purpose, with a link to more information
> and the
> > code.
>
> I believe that just a description, and the intention of posting it
> here: want an opinion, want to get it included with postfix, who
> knows!
>
> >
> >
> >>
> >> So would it be sensible/possible to reject any list posts that
> >> include zip/bin/exe/scr/pif/... attachements?
> >
> > Your server, your rules; reject whatever you want.  Postfix
> announcements
> > will be text-only, so you are unlikely to miss anything terribly
> important.
> >  But zip files are not always evil.
>
> I personally doesn't reject any type of file, but *do* run anti-virus,
> and any infected files are removed, but that's me, there are sites
> that want everything filtered! (no exe, no zip, no rar, no tar, no
> pif, no com (who use .com files today?)), but there is a time when
> they receive a virus in the format of, say, a text string that
> exploits a bug on the video driver! (I think this actually happened in
> the past), so, all of that filtering for nothing.

I personally believe in some filtering (double extensions/.exe files). Why?
Double extensions are often a sign of a virus (at least if you have a decent
sender). It is easy to put an .exe file in a .zip file or something else
(and lots of people just click on an attachment without reading the file
name/extension). The only thing difficult about is not to block too much,
but just enough.
>
> I find it foolish to start filtering everything, just because a small
> rate of that kind of file *may* be evil: it is like if you don't allow
> people go to your office with laptops, because they can hook-up to
> your network and steal information from your intranet (if you want to
> prevent this, authenticate network ports with 802.1x or something like
> that, don't use wifi, and off course, secure your intranet's
> servers!).
>
> Sorry if part of this gets off-topic, but this kind of discussion is
> always interesting.
>
> >
> >>
> >> Jacqui
> >
> >
> >  -- Noel Jones
> >
>
> Ildefonso
Regards, Mark