[Mimedefang] Filtering new Microsoft virus email ...

Cormack, Ken kcormack at acs.roadway.com
Wed Sep 24 08:40:03 EDT 2003


> I was wondering if someone could tell me how I could DROP
> an entire email if a certain phrase was in the "subject" of the email.
>
> eg I want to filter any emails that have a subject of this:
>
>       Fwd: Current Net Security Patch
>
> Hope someone can help with this.

Justin,

We use the following rule, in sendmail (rather than in the milter), and it
works great.  Add this snippet of code to your sendmail.mc, and then use m4
to rebuild your .cf file (then keep reading, for more details on how to set
it up).  Be careful when adding this to your config... it is TAB-sensitive.
(I've indicated tabs with [TAB])

LOCAL_RULESETS
######################################################################
###
###  Add exact-match subject lines to /etc/mail/subjects_full
###  Add substrings to match in subject lines to /etc/mail/subjects_part
###  In both files, all spaces MUST be replaced with periods (.)
###
###  Create two files called /etc/mail/subjects_full and
###  /etc/mail/subjects_part.  The former has complete
###  unwanted 'subject' lines, while the latter has only
###  substrings within 'subject' lines.
###
###  As an example, suppose you want to filter out 'viagra'
###  spam.  The following entry in your subjects_part
###  file would do it:
###    viagra
###
###  In the case of multi-word entries, all spaces MUST be
###  replaced with periods.  For example:
###    herbal.viagra
###
###  These filters are not case-sensitive.
###
###  - Added 11 MARCH 2003
###
######################################################################
F{FullSubjects} -o /etc/mail/subjects_full
F{PartSubjects} -o /etc/mail/subjects_part
HSubject:[TAB]$>CheckSubject

SCheckSubject
R$={FullSubjects}$*[TAB]$: REJECTSUBJECT
R$* $={PartSubjects} $*[TAB]$: REJECTSUBJECT
R$* REJECTSUBJECT $*[TAB]$#error $: "553 Access Denied - MSG may contain SPAM/WORM/VIRUS/HOAX."
######################################################################

Remember to watch for tabs.  The comments at the top of the code explain the
ASCII files used to hold your unwanted subject lines.  To help get you
going, I've attached the "subjects_full" and "subjects_part" files that I
use.  My files already include your "Current Net Security Patch" subject
line, as "current.net.security.patch" in the subjects_part file.

On my system, this blocks 2500 - 8000 spams per day, using the attached
subject lists.  They'll show up in your maillog like this recent entry from
my own log this morning...

Sep 24 08:30:06 mail01 sendmail[14393]: h8OCU6mV014393:
ruleset=CheckSubject, arg1=Mystery Shopper - Free Vacation,
relay=some.host.com [XXX.XX.XXX.XX], reject=553 5.0.0 Access Denied - MSG
may contain SPAM/WORM/VIRUS/HOAX.

Hope this helps.  :)

Ken

-------------- next part --------------
A non-text attachment was scrubbed...
Name: subjects_full
Type: application/octet-stream
Size: 699 bytes
Desc: not available
URL: <https://lists.mimedefang.org/pipermail/mimedefang_lists.mimedefang.org/attachments/20030924/9cc91f8e/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: subjects_part
Type: application/octet-stream
Size: 19986 bytes
Desc: not available
URL: <https://lists.mimedefang.org/pipermail/mimedefang_lists.mimedefang.org/attachments/20030924/9cc91f8e/attachment-0001.obj>
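To see which list entries are actually rejecting mail (and which subjects may be false positives), the maillog format shown in the message can be tallied. This is an added example, not part of the original post: the log lines, relay addresses and list entries below are constructed, each log entry is assumed to sit on one line, and the per-entry attribution is a plain substring approximation, not sendmail's own matcher.

```python
import re
from collections import Counter

# Constructed sample maillog lines in the format shown in the message.
SAMPLE_LOG = """\
Sep 24 08:30:06 mail01 sendmail[14393]: h8OCU6mV014393: ruleset=CheckSubject, arg1=Mystery Shopper - Free Vacation, relay=some.host.com [192.0.2.10], reject=553 5.0.0 Access Denied - MSG may contain SPAM/WORM/VIRUS/HOAX.
Sep 24 08:31:12 mail01 sendmail[14401]: h8OCVCmV014401: ruleset=CheckSubject, arg1=Fwd: Current Net Security Patch, relay=[198.51.100.7], reject=553 5.0.0 Access Denied - MSG may contain SPAM/WORM/VIRUS/HOAX.
Sep 24 08:31:40 mail01 sendmail[14410]: h8OCVemV014410: from=<a@example.org>, size=1204, class=0, nrcpts=1, relay=mx.example.org [203.0.113.5]
Sep 24 08:33:02 mail01 sendmail[14422]: h8OCX2mV014422: ruleset=CheckSubject, arg1=FWD: current net security patch, relay=other.example.net [198.51.100.9], reject=553 5.0.0 Access Denied - MSG may contain SPAM/WORM/VIRUS/HOAX.
Sep 24 08:35:19 mail01 sendmail[14430]: h8OCZJmV014430: ruleset=CheckSubject, arg1=Budget review, relay=internal, relay=list.example.com [203.0.113.20], reject=553 5.0.0 Access Denied - MSG may contain SPAM/WORM/VIRUS/HOAX.
"""
PART_ENTRIES = ["current.net.security.patch", "free.vacation", "herbal.viagra"]  # constructed

# arg1 is matched greedily, so a comma or a literal ", relay=" inside the
# sender-controlled subject cannot shift the relay/reject fields.
REJECT_RE = re.compile(
    r"ruleset=CheckSubject, arg1=(?P<subject>.*), "
    r"relay=(?P<relay>[^,]*), reject=(?P<reject>\d{3} .*)$"
)

def list_form(subject):
    """Subject as it would be written in subjects_full/subjects_part."""
    return ".".join(subject.lower().split())

def parse_rejects(log_text):
    """Return (subject, relay) for every CheckSubject rejection in the log."""
    hits = []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            hits.append((m.group("subject"), m.group("relay")))
    return hits

def hits_per_entry(log_text, part_entries):
    """Count rejections per subjects_part entry; zero counts flag stale entries."""
    counts = Counter({e: 0 for e in part_entries})
    unmatched = []  # rejected, but no substring entry explains it (review these)
    for subject, _relay in parse_rejects(log_text):
        form = list_form(subject)
        matched = [e for e in part_entries if e.lower() in form]
        counts.update(matched)
        if not matched:
            unmatched.append(subject)
    return counts, unmatched

if __name__ == "__main__":
    counts, unmatched = hits_per_entry(SAMPLE_LOG, PART_ENTRIES)
    print(counts.most_common(), unmatched)
```

Subjects that land in the unmatched list were rejected without a substring entry accounting for them, so they are the ones to compare against subjects_full by hand.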

