[Mimedefang] Using a db for subject lines to block

Cormack, Ken Ken.Cormack at roadway.com
Mon Jun 20 16:12:06 EDT 2005


Group,

I've worked up a function to block spam from within the filter_begin
function of mimedefang-filter.

It allows me to block on the entire subject line, or, by picking apart the
incoming subject line into individual words, can search a simple hashed
database for subject keywords to block.

Can anyone see any problems with the code below?  Just logging, it appears
to be working pretty well.


#############################
# Search the subject-line database for subject lines/keywords to block
#############################
use DB_File;    # tie() class for the makemap-built hash database
use Fcntl;      # provides O_RDONLY

$DBFilenameSUBS = "/etc/mail/subjects.db";
sub lookup_subject() {
    my $lc_subject = lc($Subject);
    my $subject_result = 0;

    my %GDB;
    if (tie(%GDB,'DB_File', $DBFilenameSUBS, O_RDONLY)) {
        # Scan database for a complete match (only)
        $lc_subject =~ s/ /./g;
        if ($GDB{$lc_subject}) {
            $subject_result = 1;
#           md_syslog('info', "subject_line: \"$Subject\" found in subjects.db");
            md_graphdefang_log("SUBJECT_LINE", "\"$Subject\" found in subjects.db");
        } else {
            # scan database for each word in the subject
            my @subject_array = split (/\./, $lc_subject);
            foreach my $subject_word (@subject_array)
            {
                if ($GDB{$subject_word}) {
                    $subject_result = 1;
#                   md_syslog('info', "subject_word: \"$subject_word\" found in subjects.db");
                    md_graphdefang_log("SUBJECT_WORD", "\"$subject_word\" found in subjects.db");
                }
            }
        }
        untie %GDB;
    } else {
        md_syslog('warning', "subject: Cannot open file $DBFilenameSUBS");
    }
    return $subject_result;
}
#############################

For testing, the above is currently being called like this:

#############################
    # Added this to replace sendmail ruleset
    lookup_subject();
#   if (lookup_subject()) {
#       action_bounce("Access denied. Subject \"$Subject\" suggests MSG may contain SPAM/WORM/VIRUS/HOAX.", "553", "5.7.1");
#       return action_discard();
#   }
#############################

The format of the source file used to build the hashed database is simply:

	words.of.text	REJECT
	more.words		REJECT
	another.spam.subject	REJECT

...and so on.  This ascii source file then gets converted into a hash file,
with:

	makemap -f hash subjects.db < source_file
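
The matching logic described in this post, as an added example that is not part of the original message: it parses the same source-file format into an in-memory hash (standing in for subjects.db) and checks the full subject first, then each word. The function names, the `lottery` entry and the sample subjects are constructed for illustration; unlike the posted code, it collapses runs of whitespace and strips punctuation around words before the lookup.

```perl
use strict; use warnings;

# Constructed sample in the makemap source format: key, whitespace, action.
my $source = <<'END';
words.of.text         REJECT
more.words            REJECT
another.spam.subject  REJECT
lottery               REJECT
END

# Parse the source text into key => action. Keys are lowercased here
# because "makemap -f" stores them without folding case.
sub load_table {
    my ($text) = @_;
    my %table;
    for my $line (split /\n/, $text) {
        my ($key, $action) = split ' ', $line, 2;
        next unless defined $action;      # blank or malformed line
        $action =~ s/\s+$//;
        $table{lc $key} = $action;
    }
    return \%table;
}

# Build the dotted lookup key: lowercase, trim, one dot per whitespace run.
sub subject_key {
    my ($subject) = @_;
    my $s = lc(defined $subject ? $subject : '');
    $s =~ s/^\s+|\s+$//g;
    $s =~ s/\s+/./g;
    return $s;
}

# Return (kind, matched_key, action), or an empty list when nothing matches.
sub match_subject {
    my ($table, $subject) = @_;
    my $key = subject_key($subject);
    return ('SUBJECT_LINE', $key, $table->{$key}) if exists $table->{$key};
    for my $word (split /\./, $key) {
        $word =~ s/^\W+|\W+$//g;          # "lottery!" becomes "lottery"
        return ('SUBJECT_WORD', $word, $table->{$word}) if exists $table->{$word};
    }
    return ();
}

my $table = load_table($source);
for my $subj ('Words  of Text', "More\twords ", 'You won the LOTTERY!', 'Quarterly report') {
    my @hit = match_subject($table, $subj);
    print "\"$subj\" => ", (@hit ? join(' ', @hit) : 'no match'), "\n";
}
```

Returning the matched key and the stored action, rather than a bare 1, lets the caller log exactly which entry fired before switching from logging to rejecting.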



