Notify Sender when a virus is detected

Damien Robinet damien at robinet.net
Wed May 25 14:54:17 CEST 2011


Hi Gary,

Not, it's not possible, because if you have a SMTP login to my server,
I check if you use the good FROM.

I start my policy with that:
if($attr{"sasl_username"} =~ /^[\w\.-_]+\@[\w\.-]+$/) {

One example of my rule:
                if($status == 0) {
                        my $track1 = $mysql->prepare("SELECT domain
FROM mail_rewrite WHERE domain = '\@$sender_from' AND goto =
'\@$sender_domain'");
                        $track1->execute();
                        if(my $ref1 = $track1->fetchrow_hashref()) {
                                $status = 1;
                        }
                }

And if the sender (from) are not allowed with the sasl login:
$mysql->disconnect;
                        return "reject Sender address $sender_from not
owned by $sender_domain";
                }

If the sender match, i return "dunno".

I use my policy with the smtpd_end_of_data_restrictions of postfix :)

Regards,
Damien

2011/5/24 Gary V <mr88talent at gmail.com>:
>
> I think if it's a virus it could still fake sender address regardless
> of whether it comes from trusted networks or authenticated clients. I
> think if it is smart enough to be able to relay through your server,
> it would at least be smart enough to attempt forging the sender
> address. Same applies to spam or banned files that are created by
> spambots/malware or whatever.
>
> --
> Gary V
>


More information about the amavis-users mailing list