[Mimedefang] Block mail by subject

Cormack, Ken kcormack at acs.roadway.com
Wed Mar 24 11:04:16 EST 2004


> Sarcasm noted.

Thanks for realizing that.  :)

> Finally we got a tech at the other end to admit they were blocking
> the subject "For your review" because one of the viruses was using
> that as a subject.

So you took heat because of an action/decision/policy on the receiving end?
Someone (the offended "higher-up") owes you an applogy.

I've posted my own solution to blocking subject-lines before, a couple of
times, on this list.  It impliments subject line keyword blocks,
complete-match blocks, and sends a 5.X.X rejection notice.  Search the list
archives for references to the CheckSubject rule for sendmail that I use.  I
currently match on 39 complete subjects, and 1270 subject keywords
(including mutations).  And given greylisting and other header checks
performed by sendmail and MIMEDefang on my systems, it still catches over
350 messages per day.  Before adding greylisting to our defenses, this was
honestly THE single most effective rule in our arsenal, formerly catching
several thousand spams per day.  We had ONE instance about a year ago where
a systemically-generated report created on a UNIX system in-house just
happened to try using a subject-line that we blocked.  A phone call to the
programmer describing the issue was all it took.  The developer re-worded
the subject just enough to miss the filter, and there have been no further
reports of false positives.  Just be careful (as always) with what you put
in the bad subject block lists.

Ken

_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang



More information about the MIMEDefang mailing list