[Mimedefang] Bare returns in message body

Aleksandar Milivojevic alex at milivojevic.org
Thu Nov 17 10:07:26 EST 2005

Quoting Tomasz Ostrowski <tometzky at batory.org.pl>:

> So I'd propose something like:
> /* after message_contains_virus() */
> if ($SuspiciousCharsInBody) {
> 	action_rebuild();
> }

If any of $SuspisiousCharsIn* are true, I'm doing (as one of the first 
things in
filter_begin, even before checking for viruses):

  action_quarantine_entire_message('descriptive msg');
  return action_bounce('descriptive msg');

I have this setup for very long time, and so far zero complaints from 
users. Even if there were complaints, this is part of anti-virus and 
anti-spam policy,
so I couldn't do anything about it ;-)

Looking at the log files, more than 99% of bounced stuff are viruses and spam,
and remainder is mainly chain letters and similar stuff that nobody really
cares if it gets bounced.  I've just checked this week's log files.  
Almost all
bounced messages (due to suspisious chars in either body or headers) were from
senders like "adfirwecxdferhvsjdsf at hotmail.com" (guess what those are).  Only
two were from something that "looked" like it might have been real email
address.  Checking the quarantine showed those two were viruses.

There was only one email adress in log files that was constantly 
bounced because
of this (in the beggining, when we started using MIMEDefang), but it seems
whoever owned it have fixed his/hers email setup very fast after emails 
to bounce.  So bouncing isn't as bad as it may sound, it helps people to fix
problems ;-)

This message was sent using IMP, the Internet Messaging Program.

More information about the MIMEDefang mailing list