Re: mimail pattern?

From: Mark Jeftovic (markjeftovic.net)
Date: Fri Aug 01 2003 - 20:28:49 CDT


I'm realizing now that the From header is admindestination_domain and
that we're on 1.1.11 which doesn't seem to support DISCARD in the
header_checks yet (does it?)

Trying to figure a way to discard otherwise all of these are going
to bounce back at the domains (especially the ones with catch-all
type addresses)

-mark

On Fri, 1 Aug 2003, Jim Seymour wrote:

> Mark Jeftovic <markjeftovic.net> wrote:
> >
> >
> >
> > I should have put in disclaimers, do your own DD, no warranties,
> > remove cellophane before eating, your mileage may vary, etc.
>
> Same here :)
>
> >
> > But so far this is working for me, although I can think of various ways
> > it could be tightened up as a pattern.
> >
> > -mark
> >
> > On Fri, 1 Aug 2003, Mark Jeftovic wrote:
> >
> > >
> > >
> > > I've noticed the subject line is "your account" followed by a bunch
> > > of spaces and then 8 random characters.
> > >
> > > So far this is working for me:
> > >
> > > /^Subject: your account\s{5,}.{8,8}/ REJECT Mimail Virus Detected
> [snip]
> >
>
> Just one minor change...
>
> # mimail
> /^Subject:\s+.*your account\s{5,}.{8}/ REJECT
> /^Content-(Disposition|Type):\s+.*?(file)?name="?.*?message\.zip/ REJECT
> # end mimail
>
> And an expression for the attachment. (If you have a separate
> mime_header_checks file, the second one goes there.)
>
> They're also PCREs.
>
> Usual disclaimer: YMMV. Caveat Emptor. No warranty, expressed or
> implied, as to fitness for any particular use. It's worth what you
> paid for it. Etc.
>
> Btw: I leave this one in all the time...
>
> # *Any* zip file: just log a warning...
> /^Content-(Disposition|Type):\s+.+?(file)?name="?.+?\.zip\b/ WARN
>
> ...ever since Sobig.E came as a .zip. This way I know if a particular
> .zip file got past before I got the new filter in. For example: today,
> after I found out about message.zip and put the new expression in,
> I grepped the maillogs for message.zip.
>
>

--
mark jeftovic
http://www.easydns.com
http://mark.jeftovic.net
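To see what the patterns in this thread actually catch before putting them into a live header_checks / mime_header_checks table, here is an added Python emulation of how Postfix walks a pcre: table over a message's logical header lines. It is not code from the thread or from Postfix; the rule lines are the ones Jim posted (with Mark's "Mimail Virus Detected" reply text on the Subject rule), the message headers are constructed samples, the random 8-character token "vq7d3k9z" is invented, and joining folded continuation lines with a single space is an approximation of Postfix matching against the complete multi-line header. Case-insensitive matching is the pcre_table default, which the parser mirrors.

```python
import re

# Rules from the thread. Postfix applies header_checks to the message headers and
# mime_header_checks to MIME part headers, so they are kept as two tables.
HEADER_CHECKS = r"""
# mimail
/^Subject:\s+.*your account\s{5,}.{8}/ REJECT Mimail Virus Detected
# end mimail
"""

MIME_HEADER_CHECKS = r"""
# mimail attachment
/^Content-(Disposition|Type):\s+.*?(file)?name="?.*?message\.zip/ REJECT
# *Any* zip file: just log a warning...
/^Content-(Disposition|Type):\s+.+?(file)?name="?.+?\.zip\b/ WARN
"""

# One table line: /pattern/flags ACTION [optional text]
RULE_RE = re.compile(
    r'^/(?P<pattern>.*)/(?P<flags>[a-z]*)\s+(?P<action>[A-Z]+)(?:\s+(?P<text>.*))?$'
)


def parse_rules(table):
    """Parse a pcre: table into (compiled_regex, action, text) tuples, in file order."""
    rules = []
    for line in table.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        flags = re.IGNORECASE            # pcre tables are case-insensitive by default
        for f in m['flags']:
            if f == 'i':
                flags ^= re.IGNORECASE   # an explicit 'i' toggles the default off
            elif f == 'x':
                flags |= re.VERBOSE
            elif f == 'm':
                flags |= re.MULTILINE
        rules.append((re.compile(m['pattern'], flags), m['action'], m['text'] or ''))
    return rules


def logical_headers(raw):
    """Join folded continuation lines (leading space/tab) onto the header they belong
    to, so each element is one logical header line. Approximation of Postfix behaviour."""
    lines = []
    for line in raw.splitlines():
        if line[:1] in (' ', '\t') and lines:
            lines[-1] += ' ' + line.strip()
        else:
            lines.append(line)
    return [l for l in lines if l]


def check_headers(rules, raw_headers):
    """Apply the rules to every logical header line. The first matching rule wins for
    that line, as in Postfix. Returns a list of (action, header_line, text) hits."""
    hits = []
    for header in logical_headers(raw_headers):
        for regex, action, text in rules:
            if regex.search(header):
                hits.append((action, header, text))
                break
    return hits


def verdict(hits):
    """Collapse hits into the outcome: REJECT or DISCARD stops the message, WARN only
    logs, and with no decisive hit the message continues (DUNNO). Note Mark's point:
    a REJECT is answered at SMTP time, so the *sending* MTA generates the bounce, and
    it goes to the forged From address. DISCARD avoids that bounce."""
    for action, _, _ in hits:
        if action in ('REJECT', 'DISCARD'):
            return action
    return 'DUNNO'


# Constructed samples. The From is forged as admin@ the destination domain, as Mark
# describes; the 8-character token after the run of spaces is made up.
MIMAIL_HEADERS = (
    "From: admin@example.net\n"
    "To: someone@example.net\n"
    "Subject: your account        vq7d3k9z\n"
    "Content-Type: multipart/mixed; boundary=\"part-boundary\"\n"
)
MIMAIL_PART = (
    "Content-Type: application/octet-stream;\n"
    "\tname=\"message.zip\"\n"
    "Content-Disposition: attachment;\n"
    "\tfilename=\"message.zip\"\n"
)
BENIGN_HEADERS = "From: a@example.net\nSubject: your account statement is ready\n"
BENIGN_PART = (
    "Content-Type: application/zip; name=\"q3-report.zip\"\n"
    "Content-Disposition: attachment; filename=\"q3-report.zip\"\n"
)

if __name__ == "__main__":
    for name, table, raw in (("mimail headers", HEADER_CHECKS, MIMAIL_HEADERS),
                             ("mimail part", MIME_HEADER_CHECKS, MIMAIL_PART),
                             ("benign headers", HEADER_CHECKS, BENIGN_HEADERS),
                             ("benign part", MIME_HEADER_CHECKS, BENIGN_PART)):
        hits = check_headers(parse_rules(table), raw)
        print(f"{name}: {verdict(hits)} {hits}")
```

The benign .zip attachment only trips the WARN rule, which is the log-only behaviour Jim relies on to grep the maillog later; the Mimail part matches the message.zip REJECT rule first, so the later WARN rule never fires for that line.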