September 22, 2003

Microsoft fake emails

Went away on a shorty holiday to the interior lakes to collect my thoughts and re-energize. What do I find when I get home? 1970 fake email messages that passed SpamAssassin that have malicious attack codes attached. Even though SpamAssassin did catch over 300 of the messages, it still allowed WAY too many through to a single account. After spending an hour wading through the IMAP inbox I got it cleaned up, only to have another 75 delivered or so. That means I was getting hit with more than 1 a minute and escalating. Methinks someone finds it funny to nail my mail server with W32.Swen.A@mm. *sigh*

I fixed the problem by adding a filter in Postfix to simply filter out exe files. Well, actually since I was reconfiguring the server with some pcre goodness I set it up to filter out any executable content from even entering the mail spool. I had this configured in Exim for years, but when I moved to Postfix I decided I would like to try it with a more lax policy as it relates to attachments. Seems if you let your guard down even a little, it will be nailed.

Hard to do anything but scold myself for this one. I preach about least privilege, and then allow attachments which have no business being sent in email. Alas, we are all human. And we CAN learn from our mistakes. I sure did. So, if you feel like sending me attachments that are not compressed or encrypted with one of my public keys, it is probably going to get rejected.

The fix stopped the attacks cold... with only 3 new fake emails in the last 12 hours. Much more manageable. Thank you must go out to the idiot who wrote the damn attack, as I appreciate you keeping me on my toes and making me realize that the weakest link is the human factor, and that includes me.

Posted by SilverStr at September 22, 2003 07:12 AM

Comments
Not just you, I got a few and I'm sure others did too. Seems like you just have more people who a) use a Microsoft email client b) have you in their address book and c) like clicking on executables :) As for attachments, just make sure you're not sending out a rejection as well, I get more of those going through bogofilter than I do actual spam, and it's a PITA since I'm pretty sure I'm not sending out penis enlargement ads :)

Posted by: Arcterex at September 22, 2003 09:39 AM
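The attachment filter described in the post, sketched as an added example (it is not SilverStr's actual Postfix rule): a pattern shaped like a Postfix pcre header check, exercised in Python against constructed messages so its behaviour can be checked before deployment. The extension list, addresses and file names are assumptions; the post itself names only exe files.

```python
import re
from email import message_from_string

# Assumed extension list; the post itself only names .exe files.
BLOCKED_EXT = "bat|cmd|com|exe|pif|scr|vbs"

# Shaped like a Postfix pcre header check: a name=/filename= parameter on a
# Content-Type or Content-Disposition header ending in a blocked extension.
RULE = re.compile(
    r'^Content-(?:Disposition|Type):.*name\s*=\s*"?([^";]*\.(?:' + BLOCKED_EXT + r'))"?\s*(?:;|$)',
    re.IGNORECASE | re.DOTALL,
)

def blocked_names(raw_message):
    """Return attachment names in every MIME part that the rule would reject."""
    hits = []
    for part in message_from_string(raw_message).walk():
        for name, value in part.items():
            match = RULE.search(f"{name}: {value}")
            if match and match.group(1) not in hits:
                hits.append(match.group(1))
    return hits

def build(filename_param):
    """Constructed two-part sample message with one attachment."""
    return (
        "From: sender@example.com\nTo: me@example.org\nSubject: test\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nSee attachment.\n"
        "--b1\nContent-Type: application/octet-stream\n"
        f"Content-Disposition: attachment;{filename_param}\n\n"
        "AAAA\n--b1--\n"
    )

SAMPLES = {  # all constructed
    "quoted exe": build(' filename="patch.exe"'),
    "unquoted, upper case": build(" filename=UPDATE.EXE"),
    "folded header": build('\n filename="q123.scr"'),
    "compressed archive": build(' filename="notes.zip"'),
    "exe-like name, safe type": build(' filename="exe-notes.txt"'),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:26} -> {blocked_names(raw) or 'accept'}")
```

The folded-header and unquoted cases are the ones a naive `\.exe"` pattern misses, while the compressed archive still passes, matching the policy stated in the post.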