[Mimedefang] How to trap this spam
David F. Skoll
dfs at roaringpenguin.com
Tue Dec 30 17:18:31 EST 2003
On Wed, 31 Dec 2003, Bill Maidment wrote:
> We've been getting a lot of spam getting through our defences
> (mimedefang 2.39 SpamAssassin 2.70-cvs Razor2) which looks like the
> attached. I quarantined it by trapping stuff with redundant html, but
> also picked up a lot of valid (?) email as well. Has anyone got any
> ideas about trapping this stuff without too many false positives?
In CanIt, we have a hash of valid HTML tags, and things like
</emphysema> ring alarm bells. Adding this to MIMEDefang is simple
and left as an exercise for the reader... (hint: Look at the Perl
HTML::Parser module.)
I also add 5 points for mail containing an img tag. That works OK for me,
but might cause (way) too many false-positives for you.
Regards,
David.
More information about the MIMEDefang
mailing list