[Mimedefang] Using a db for subject lines to block
Cormack, Ken
Ken.Cormack at roadway.com
Mon Jun 20 16:12:06 EDT 2005
Group,
I've worked up a function to block spam from within the filter_begin
function of mimedefang-filter.
It allows me to block on the entire subject line, or, by picking apart the
incoming subject line into individual words, can search a simple hashed
database for subject keywords to block.
Can anyone see any problems with the code below? Just logging, it appears
to be working pretty well.
#############################
# Search the subject-line database for subject lines/keywords to block
#############################
$DBFilenameSUBS = "/etc/mail/subjects.db";
sub lookup_subject() {
my $lc_subject = lc($Subject);
my $subject_result = 0;
my %GDB;
if (tie(%GDB,'DB_File', $DBFilenameSUBS, O_RDONLY)) {
# Scan database for a complete match (only)
$lc_subject =~ s/ /./g;
if ($GDB{$lc_subject}) {
$subject_result = 1;
# md_syslog('info', "subject_line: \"$Subject\" found in
subjects.db");
md_graphdefang_log("SUBJECT_LINE", "\"$Subject\" found in
subjects.db");
} else {
# scan database for each word in the subject
@subject_array = split (/\./, $lc_subject);
foreach $subject_word (@subject_array)
{
if ($GDB{$subject_word}) {
$subject_result = 1;
# md_syslog('info', "subject_word: \"$subject_word\" found
in subjects.db");
md_graphdefang_log("SUBJECT_WORD", "\"$subject_word\"
found in subjects.db");
}
}
}
untie %GDB;
} else {
md_syslog('warning', "subject: Cannot open file $DBFilenameSUBS");
}
return $subject_result;
}
#############################
For testing, the above is currently being called like this:
#############################
# Added this to replace sendmail ruleset
lookup_subject();
# if (lookup_subject()) {
# action_bounce("Access denied. Subject \"$Subject\" suggests MSG may
contain SPAM/WORM/VIRUS/HOAX.", "553", "5.7.1");
# return action_discard();
# }
#############################
The format of the source file used to build the hashed database is simply:
words.of.text REJECT
more.words REJECT
another.spam.subject REJECT
...and so on. This ascii source file then gets converted into a hash file,
with:
makemap -f hash subjects.db < source_file
More information about the MIMEDefang
mailing list