[Mimedefang] Using values in X- headers for filtering

Mitch at 0Bits.COM Mitch at 0Bits.COM
Wed Aug 20 11:18:01 EDT 2003


In filter_end() in /etc/mail/mimedefang-filter we get passed
$entity - this is a MIME::Entity object which contains a MIME::Head
object, against which you need to do a pattern match and reject
according to your criteria. I suggest looking at

	man MIME::Entity
and
	man MIME::Head

as a start.

Cheers
Mitch

-------- Original Message --------
Subject: [Mimedefang] Using values in X- headers for filtering
Date: Wed, 20 Aug 2003 09:37:45 -0500
From: Murray Hunter <mimedefang at bitscribe.com>
Reply-To: mimedefang at lists.roaringpenguin.com
To: <mimedefang at lists.roaringpenguin.com>

I have just installed MD on our system to combat the flood of SO_BIG that
was arriving.  Because we needed a quick fix to just discard malicious
attachments, and because we have a large amount of newsletter traffic, I
did not add in the SpamAssassin part.

So far it is working well, however there are still a large number of
emails coming in that appear to be sent from a SO_BIG infected PC, but
they did not contain the virus attachment when they were sent.  All of these
messages have the following header lines that seem to be specific to
SO_BIG mails:
X-MailScanner: Found to be clean
X-Mailer: Microsoft Outlook Express 6.00.2600.0000

I have looked through the man pages and forum, but have not found how one
can create a rule within MD to check the values of X- headers.  I know I
can add/change/remove headers and test the Subject using $Subject, but is
there a way to check the X-Mailer and X-MailScanner headers for the
offending values?

Thanks,
Murray Hunter
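
An added example, not code from either poster or from the MIMEDefang project: one way to apply the reply's suggestion, reading the MIME::Head from $entity in filter_end() and discarding only when both header values quoted in the question match. The helper name headers_match and the sample messages are constructed for illustration; action_discard() is the MIMEDefang action and is only available inside the filter.

```perl
use strict;
use warnings;
use MIME::Parser;

# Header => pattern, values taken from the post. A message is flagged only
# when every listed header is present with a matching value.
my %SUSPECT = (
    'X-MailScanner' => qr/^Found to be clean$/,
    'X-Mailer'      => qr/^Microsoft Outlook Express 6\.00\.2600\.0000$/,
);

# Hypothetical helper: takes a MIME::Head, returns 1 on a full match.
sub headers_match {
    my ($head) = @_;
    for my $tag (keys %SUSPECT) {
        my $hit = 0;
        for my $raw ($head->get($tag)) {        # list context: all occurrences
            (my $value = $raw) =~ s/\r?\n[ \t]+/ /g;   # unfold continuations
            $value =~ s/^\s+|\s+$//g;           # drop the trailing newline
            $hit = 1 if $value =~ $SUSPECT{$tag};
        }
        return 0 unless $hit;
    }
    return 1;
}

# The hook as it would sit in /etc/mail/mimedefang-filter.
sub filter_end {
    my ($entity) = @_;
    action_discard() if headers_match($entity->head);
}

# Stand-alone check on constructed messages; skipped when this file is
# loaded by another program, as a filter file is.
unless (caller) {
    my $parser = MIME::Parser->new;
    $parser->output_to_core(1);                 # no temp files on disk
    my $body = "Subject: test\n\nbody\n";
    my %sample = (
        both_headers => "X-MailScanner: Found to be clean\n"
                      . "X-Mailer: Microsoft Outlook Express 6.00.2600.0000\n",
        mailer_only  => "X-Mailer: Microsoft Outlook Express 6.00.2600.0000\n",
    );
    for my $name (sort keys %sample) {
        my $entity = $parser->parse_data($sample{$name} . $body);
        printf "%-13s %s\n", $name,
            headers_match($entity->head) ? 'match' : 'no match';
    }
}
```

Requiring both headers matters because the X-Mailer value on its own is what an ordinary Outlook Express client sends, so matching it alone would discard legitimate mail.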



