[Mimedefang] spam filter for quarantine emails
John Von Essen
john at essenz.com
Sat Nov 27 19:28:25 EST 2004
I have noticed that when an email contains a violating file attachment,
spam filtering does not occur. Below is a snip from my mimedefang
config file. When a violating file attachment is present, I drop the
attachment and insert a phrase about how that file is not allowed. And
of course, the original body of the email is still present and is not
subject to spam filtering.
So obviously, if spammers want to get stuff through they would just
have to attached an empty text file called foo.scr and thats it - their
email gets through.
In my environment, I sort of have to have the below functionality. I
block .exe files, and I need to communicate that blockage to my users.
Is there anyway to modify the action_quarantine() and
action_drop_with_warning() functions such that they are not exempt from
spam filtering on the text body of the email?
Lately I have been getting alot of the MS Security Patch emails which
have an .exe attachment. Without the .exe I am sure SA would catch the
email as SPAM. Thanks
-John
sub filter ($$$$) {
my($entity, $fname, $ext, $type) = @_;
return if message_rejected(); # Avoid unnecessary work
if (filter_bad_filename($entity)) {
return action_quarantine($entity, "...");
}
}
sub filter_multipart ($$$$) {
my($entity, $fname, $ext, $type) = @_;
return if message_rejected(); # Avoid unnecessary work
if (filter_bad_filename($entity)) {
return action_drop_with_warning("...");
}
}
More information about the MIMEDefang
mailing list