[Mimedefang] suspicious characters

[Jan Pieter Cornet]

On Tue, Oct 25, 2005 at 12:19:46PM -0400, Joseph Brennan wrote:
> >My experience with $SuspiciousCharsInBody are that it is pretty much
> >useless in all circumstances except for a very strict home system
> >with a few users. There are simply too many crappy MUAs out there.
> 
> Cyrus rejects messages with these characters, and I'd rather refuse
> during smtp than generate bounces after Cyrus delivery fails. 

In that case, the choice is clear. Will this be a change in policy to
reject such messages, or have you always done that because Cyrus was
bouncing it anyway? If it's new, I'm curious to the reaction of your
users, if there are any complaints about this (I expected complaints,
which is why I stopped using the suspiciousBody test).

> Almost all of it really is garbage, about 15,000 a day (of 1.5 million--
> exactly the .01% Per reported previously!).

Actually, that's 1%, but from my cursory inspection about a year ago
roughly 90% of this is spam, so the amount of mail really lost is
closer to 0.1%. Which still adds up to about 1500 a day for your mail
volume.

> >Mimedefang strips all CR
> >characters from the input, before putting them in INPUTMSG, even if they
> >are "lone" CR characters that trigger the "suspiciousBody" flag. So you
> >will never see the CR characters in mimedefang (and neither will any
> >virus scanner or other content scanner you might use).
> 
> So that's it!  So the best I can do is distinguish null from return.

Or patch mimedefang.c :)

-- 
#!perl -wpl # mmfppfmpmmpp mmpffm <pmmppfmfpppppfmmmf at fpffmm4mmmpmfpmf.ppppmf>
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;                                # Jan-Pieter Cornet