[Mimedefang] Block mail by subject

WBrown at e1b.org WBrown at e1b.org
Wed Mar 24 12:45:21 EST 2004


> So you took heat because of an action/decision/policy on the receiving 
end?

Welcome to my nightmare!

> I've posted my own solution to blocking subject-lines before, a couple 
of
> times, on this list.  It impliments subject line keyword blocks,
> complete-match blocks, and sends a 5.X.X rejection notice.  Search the 
list
> archives for references to the CheckSubject rule for sendmail that I 
use.  I
> currently match on 39 complete subjects, and 1270 subject keywords
> (including mutations).  And given greylisting and other header checks
> performed by sendmail and MIMEDefang on my systems, it still catches 
over
> 350 messages per day.  Before adding greylisting to our defenses, this 
was
> honestly THE single most effective rule in our arsenal, formerly 
catching
> several thousand spams per day.  We had ONE instance about a year ago 
where
> a systemically-generated report created on a UNIX system in-house just
> happened to try using a subject-line that we blocked.  A phone call to 
the
> programmer describing the issue was all it took.  The developer 
re-worded
> the subject just enough to miss the filter, and there have been no 
further
> reports of false positives.  Just be careful (as always) with what you 
put
> in the bad subject block lists.

At least you were rejecting, not dropping.  Amazing how many places think 
it's acceptable to just drop.

The other thing that was totally amazing is how many spam filtering 
solution there are that will accept a message, let the SMTP connection 
close, and then scan/filter the email.  They have no choice but to beleive 
the sender information if they wish to return a failure message.  For 
people like that, I have this very nice bridge for sale in NYC.



More information about the MIMEDefang mailing list