
Re: Delaying mail delivery

  • Jan P. Kessler
    Message 1 of 15 , Nov 12, 2012
      > - To inspect mail for badness (there is a better solution in Postfix
      > than hold+cron)

      Would it be possible to explain what you mean by "a better solution"?

      My problem is that for a while now we have been receiving mails containing
      0-day malware which is not recognised by any of our AV scanners
      (Trendmicro/postfix relay, Symantec/Exchange and Kaspersky/Client).
      Mostly the attachments are ZIP files containing executables (exe, com,
      pif, scr). As we have a lot of developers, we do not want to block these
      in general (as we already do with non-zipped executables).

      The occurrences last only several minutes and the mails are sent only
      to a few 100 recipients (~20k mailboxes). The sources are mainly
      compromised freemail accounts, so we cannot filter those mails by
      origin (rbl, ...) and greylisting is not effective. We cannot even
      filter based on message content or sender addresses. The mails are very
      well forged (good language and design) and the senders vary. On a
      regular basis we have dozens of infected workstations.

      Sometimes, when we become aware of such a "malware wave", we put all
      mails on HOLD over the weekend, giving the AV scanners time to update
      their patterns. An interesting option would be the ability to delay the
      delivery of mails meeting defined criteria (senders, clients or
      attachment types).

      Jan
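
The attachment criterion described in the message above (ZIP files containing exe, com, pif or scr members), as an added example that is not part of the original post: a Python check that a mail filter could use to pick out the messages to hold or delay. The function names and the sample message are assumptions constructed for illustration; how the result is wired into the mail relay is left open.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the post above.
EXECUTABLE_EXTS = (".exe", ".com", ".pif", ".scr")


def risky_zip_members(raw_message: bytes) -> list[str]:
    """Return 'attachment:member' for each executable inside a ZIP attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        # Trust the content, not the declared MIME type or file name.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        name = part.get_filename() or "(unnamed)"
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    # Catches double extensions such as "invoice.pdf.scr".
                    if member.lower().rstrip(". ").endswith(EXECUTABLE_EXTS):
                        hits.append(f"{name}:{member}")
        except zipfile.BadZipFile:
            # An archive that cannot be listed is itself worth delaying.
            hits.append(f"{name}:(unreadable archive)")
    return hits


def build_sample(member_name: str) -> bytes:
    """Constructed sample message with one ZIP attachment (not real mail)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed placeholder bytes")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(risky_zip_members(build_sample("Invoice.pdf.SCR")))
```

A non-empty result marks the message as a candidate for HOLD or delayed delivery, while ZIP attachments without executable members pass through unchanged.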