Postfix mail server block Malware with blacklist
Malware is used for a harmful purpose. It can be in your software or hardware. Email and free (don't confuse with OSS) or pirated software is the most famous way to spread malware. It is inserted in a system w/o user notification.
Wikipedia defines Malware as:
Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a portmanteau of the words "malicious" and "software". The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.
It will be a nice idea to block malware spreading urls and website. Setting up a mlaware blacklist in Postix MTA is quite easy. The Malware Block List is a free, automated and user contributed system for checking URLs for the presence of Viruses, Trojans, Worms, or any other software considered Malware. The list is available in 25 formats.
Create a blacklist
First you need to create a blacklist, type the following command:
# wget -O - http://www.malware.com.br/cgi/submit?action=list_postfix > /etc/postfix/mbl-body-deny
Configure Postfix
Open postfix main.cf file:
# vi /etc/postfix/main.cf
Setup postfix body_check directive:
body_checks = regexp:/etc/postfix/mbl-body-deny
Restart Postfix
Now just restart postfix:
# postmap /etc/postfix/mbl-body-deny
# /etc/init.d/postfix restart
Automate procedure
You need to setup a cron job to automate entire procedure. Create a shell script as follows (Download link):
#!/bin/bash # Script to update malware urls /usr/bin/wget -O - http://www.malware.com.br/cgi/submit?action=list_postfix > /etc/postfix/mbl-body-deny /usr/sbin/postmap /etc/postfix/mbl-body-deny /etc/init.d/postfix reload
Add cronjob as follows:
40 23 * * * /etc/admin/scripts/fetch.postfixmalware.sh >/dev/null 2>&1
You may wan to combine this feature with mime attachments blocking and anti spam blacklist for the best result.
Further readings
Want to stay up to date with the latest Linux tips, news and announcements? Subscribe to our free e-mail newsletter or full RSS feed to get all updates.
You can Email this page to a friend.
You may also be interested in...
- Postfix mail server block .bat, .exe .com .vbs mime attachments - common virus spreading files
- Postfix mail server limit the mailbox size
- Quick Tip: Postfix Flush the Mail Queue
- Postfix and MS-Exchange Mail Server Affected by ORDB.org Spam Service
- Postfix masquerading or changing outgoing SMTP email or mail address
Discussion on This Article:
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
Tags: blacklist, Linux, malware, mta, superior_solution, trojans, UNIX, Update, viruses, wget, worms ~ Last updated on: June 25, 2007



I’m giving it a try, even though the current list shows to have some duplicates.
Oh and AFAIK “postfix reload” will do fine too (instead of restarting)!
BOK,
Yes, reload is fine too, I’ve used reload in script. Just checked my log and there are 4 dupes. But it works like a charm on our anti spam email gateway
Nice - I’ll give it a try!
What will be the perl script to download this malware list please?
Regards
How do you unsuscribe Malware? I don’t want it, it is messing up my computer totally!! I want to delete now!!
Remove:
body_checks = regexp:/etc/postfix/mbl-body-deny
Restart postfix and you are done!
I want you to know that we are very pleased with the quality of Article you have provided. I sincerely appreciate your responsiveness and the way you conduct. I have recommended your to others because of our satisfaction. I look forward to doing with you further comment or suggestions. regards.electronic projects