Re: Blocking mails that has only images as body

From: Robert Schetterer (robertschetterer.org)
Date: Wed May 10 2006 - 01:47:11 CDT


Hi all,
Sandy is right here, I know the problem too,
and greylisting nearly fixed it.
To tune spamd, this stuff helped:
http://www.exit0.us/index.php?pagename=RulesDuJour
Regards

Sandy Drobic wrote:
> Victor Duchovni wrote:
>> On Wed, May 10, 2006 at 10:40:38AM +1000, Craig Sanders wrote:
>>
>>> On Tue, May 09, 2006 at 12:03:29AM -0300, Javier Viegas wrote:
>>>> Hi, is there any way to make postfix reject mails that have only images with
>>>> html links as the mail body content? I'm receiving lots of mails like this,
>>>> that when I open them to see what can I use from the body or header to use
>>>> it with body and header checks, I found that the body of the mail is only an
>>>> image such as jpg or gif, and no text on it, so I can't really have body
>>>> checks working.
>>> i use this body_checks rule:
>>>
>>> /\bsrc\s*=(?:3D)?\s*"?cid:/ REJECT
>>>
>>> this rejects any IMG SRC (or SCRIPT SRC or other embedded object) which refers
>>> to an attachment in the current message (the "cid:" part).
>>>
>>> there is some potential for false positives, but i've only had one since i've
>>> been using this rule - i first started using a rule like this a few years ago,
>>> and it has evolved slightly over time.
>>>
>>
>> Be prepared for a *lot* of false positives unless you are hosting a vanity
>> domain for technical users only. Embedded images in email are quite common.
>>
> Sigh, I have to agree. I only had such a body_check active for a few
> minutes, but in that time I almost caught more false positives than
> spam. For crap like that greylisting seems to be the best.
>
> Sandy
>
> --
> This message has been scanned for viruses and other dangerous content
> and is, assuming up-to-date virus scanners, clean.
>

--
This message has been scanned for viruses and other dangerous content
and is, assuming up-to-date virus scanners, clean.
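
The false-positive problem discussed in this thread, as an added example that is not code from any of the posters: the quoted body_checks rule is run line by line over two constructed messages, one image-only and one ordinary mail with an inline logo, and matches both. The `image_only` heuristic, the `make` helper and the sample messages are hypothetical; it goes beyond the thread by decoding the HTML part, which a content filter can do and body_checks cannot.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Rule quoted in the thread. Postfix regexp/pcre tables are case-insensitive by default.
CID_RULE = re.compile(r'\bsrc\s*=(?:3D)?\s*"?cid:', re.I)

def rule_hits(raw):
    """Apply the rule as body_checks does: raw, undecoded lines, one at a time.
    Simplification: everything after the first blank line counts as body."""
    body = raw.split("\n\n", 1)[1]
    return [ln for ln in body.splitlines() if CID_RULE.search(ln)]

class _Visible(HTMLParser):
    """Collects visible text and counts <img> tags in decoded HTML."""
    def __init__(self):
        super().__init__()
        self.text, self.imgs = [], 0
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.imgs += 1
    def handle_data(self, data):
        self.text.append(data)

def image_only(raw, min_chars=20):
    """Hypothetical heuristic: HTML carries an <img> but almost no visible text."""
    p = _Visible()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            p.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    return p.imgs > 0 and len("".join(p.text).strip()) < min_chars

def make(html):
    """Constructed sample: multipart/related, quoted-printable HTML + inline GIF stub."""
    return (
        "From: a@example.com\nSubject: test\nMIME-Version: 1.0\n"
        'Content-Type: multipart/related; boundary="b"\n\n'
        "--b\nContent-Type: text/html; charset=utf-8\n"
        "Content-Transfer-Encoding: quoted-printable\n\n" + html + "\n"
        "--b\nContent-Type: image/gif\nContent-ID: <img1>\n"
        "Content-Transfer-Encoding: base64\n\nR0lGODlhAQABAAAAACw=\n--b--\n"
    )

SPAM = make('<a href=3D"http://example.invalid/"><img src=3D"cid:img1"></a>')
HAM = make('<p>Hi team, the signed contract is attached. Please review.</p>\n'
           '<img src=3D"cid:img1" alt=3D"Company logo">')

if __name__ == "__main__":
    for name, m in (("image-only", SPAM), ("mail with logo", HAM)):
        print(name, "rule hit:", bool(rule_hits(m)), "image_only:", image_only(m))
```

The rule fires on both messages, while the decoded-content check separates them; the 20-character threshold is an arbitrary illustration value.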