-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Since "amavisd" does not appear to be catching the latest worm,
how about filtering on size? Anything, say, over 20K will be held
for approval. Here are the top posts by size to this list recently:

subject | whofrom | size
- -----------------------------------------------------------+--------------------------------------------------+-------
[GENERAL] Select for update, locks and transaction levels | "Nick Barr" <nick.barr (AT) webbased (DOT) co.uk> | 35107
[GENERAL] stacy | scrappy (AT) postgresql (DOT) org | 32648
[GENERAL] My photoalbum | scrappy (AT) postgresql (DOT) org | 32600
[GENERAL] stacy | scrappy (AT) PostgreSQL (DOT) org | 32467
[GENERAL] Weah, hello! :-) | scrappy (AT) postgresql (DOT) org | 29462
[GENERAL] Weeeeee! )) | scrappy (AT) postgresql (DOT) org | 29460
[GENERAL] Hey, ya! =)) | scrappy (AT) PostgreSQL (DOT) org | 29428
[GENERAL] | scrappy (AT) postgreSQL (DOT) org | 29305
[GENERAL] Hokki =) | scrappy (AT) postgresql (DOT) org | 28738
[GENERAL] | scrappy (AT) PostgreSQL (DOT) org | 28667
[GENERAL] help using arrays in a function | "Jennifer Lee" <jlee (AT) scri (DOT) sari.ac.uk> | 22774

Note that the first one is not a worm but 4k of message content with about 30k
of unnecessary HTML markup. Filtering such stuff would be alright with me too.

- --
Greg Sabino Mullane greg (AT) turnstep (DOT) com
PGP Key: 0x14964AC8 200403040640

-----BEGIN PGP SIGNATURE-----

iD8DBQFARxYmvJuQZxSWSsgRAvn2AJ47YY4gZKaISddB0i3/Ew8bZdPcygCfQOnB
1eknd99Tjp3j5+vwfpJ5NCk=
=coS2
-----END PGP SIGNATURE-----



---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to majordomo (AT) postgresql (DOT) org)

On Thu, 4 Mar 2004, Greg Sabino Mullane wrote:

The problem is, where do we stop? Tom pop'd me off a note about it
yesterday, and we drop'd it from 40k to 30k ...


----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: scrappy (AT) hub (DOT) org Yahoo!: yscrappy ICQ: 7615664

---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to majordomo (AT) postgresql (DOT) org)

A quick stop-gap is to block all ZIPs. We don't usually see a lot of ZIP
attachments on these lists, IIRC.

If I'm not mistaken, you run postfix on the server for the lists. The
something along:
/etc/postfix/main.cf:
mime_header_checks = pcre:/etc/postfix/mime_header_checks

/etc/postfix/mime_header_checks:
/name=[^>]*\.(zip|exe|com|vbs)/ REJECT Potentially dangerous file
attachment.

Remove initial spaces, of course. And add/remove any other extensions
you need.


//Magnus

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster

perfect, thanks ... added ...

On Thu, 4 Mar 2004, Magnus Hagander wrote:

----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: scrappy (AT) hub (DOT) org Yahoo!: yscrappy ICQ: 7615664

---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings