[Mimedefang] suspicious characters

Joseph Brennan brennan at columbia.edu
Mon Oct 24 12:12:29 EDT 2005

We've begun refusing mail with suspicious_chars_body.  Almost all is
junk but there's a trickle of legit mail and I want to be able to tell
those few what was wrong with their message.  The usual seems to be
text uploaded from Windows with RETURN in it.

I am trying this, below, to capture the first line with a suspicious
character.  The \000 and \015 are to be rewritten to NULL or RETURN
so we can see them, and then $badline is written to syslog.

What I get is NULL by itself, or nothing.  Apparently this code matches
on the \000 all right but not on the \015 and I don't know why.

Any ideas?

Joseph Brennan
Columbia University Information Technology

    if ($SuspiciousCharsInBody) {
        my ($badline);
        if (open(IN,"<./INPUTMSG")) {
            while(<IN>) {
                if (/\000/) {
                    $badline = $_;
                    $badline =~ s/\000/NULL/g;
                if (/\015/) {
                    $badline = $_;
                    $badline =~ s/\015/RETURN/g;
                last if ($badline);
        } else {
            $badline = "line not available";

	# (bounce it and write $badline to log)

More information about the MIMEDefang mailing list