[Mimedefang] Block mail by subject
WBrown at e1b.org
WBrown at e1b.org
Wed Mar 24 12:45:21 EST 2004
> So you took heat because of an action/decision/policy on the receiving
end?
Welcome to my nightmare!
> I've posted my own solution to blocking subject-lines before, a couple
of
> times, on this list. It impliments subject line keyword blocks,
> complete-match blocks, and sends a 5.X.X rejection notice. Search the
list
> archives for references to the CheckSubject rule for sendmail that I
use. I
> currently match on 39 complete subjects, and 1270 subject keywords
> (including mutations). And given greylisting and other header checks
> performed by sendmail and MIMEDefang on my systems, it still catches
over
> 350 messages per day. Before adding greylisting to our defenses, this
was
> honestly THE single most effective rule in our arsenal, formerly
catching
> several thousand spams per day. We had ONE instance about a year ago
where
> a systemically-generated report created on a UNIX system in-house just
> happened to try using a subject-line that we blocked. A phone call to
the
> programmer describing the issue was all it took. The developer
re-worded
> the subject just enough to miss the filter, and there have been no
further
> reports of false positives. Just be careful (as always) with what you
put
> in the bad subject block lists.
At least you were rejecting, not dropping. Amazing how many places think
it's acceptable to just drop.
The other thing that was totally amazing is how many spam filtering
solution there are that will accept a message, let the SMTP connection
close, and then scan/filter the email. They have no choice but to beleive
the sender information if they wish to return a failure message. For
people like that, I have this very nice bridge for sale in NYC.
More information about the MIMEDefang
mailing list