[Mimedefang] SPAM with Multiple Subject Headers
Sean Ware
sware at midwaygames.com
Thu Sep 1 13:16:25 EDT 2005
I have seen an increase in SPAM messages that contain multiple
'Subject:' header lines. My current MIMEDefang filter is configured to
rewrite the subject line of SPAM messages. This is working correctly
for messages with only a single Subject header. However it is not
working correctly in cases of messages with multiple subject headers.
In those cases, only one instance of the Subject: header is rewritten,
and often the other instance is the one that MUAs pick to display to
the users. So users are getting SPAM, that has been identified by spam
(the X-Spam-Score header is set), but they think the system is broken,
because they don't see the Subject rewrite.
My current filter looks like this:
if ($hits >= $req) {
action_change_header("X-Spam-Score", "$hits ($score) $names");
action_change_header('Subject', "*****SPAM***** $Subject");
md_graphdefang_log('spam', "$hits/$req:$names:", $RelayAddr);
action_add_part($entity, "text/plain", "-suggest",
"$report\n",
"", "inline", 0);
My question is, will this do what I want? Namely, delete all
occurances of Subject and re-write one canonical subject header,
appropriately tagged?
if ($hits >= $req) {
action_change_header("X-Spam-Score", "$hits ($score) $names");
action_delete_all_headers('Subject');
action_change_header('Subject', "*****SPAM***** $Subject");
md_graphdefang_log('spam', "$hits/$req:$names:", $RelayAddr);
action_add_part($entity, "text/plain", "-suggest",
"$report\n",
"", "inline", 0);
....Sean
--
Sean Ware Midway Amusement Games, LLC
Senior Network Engineer 2727 W. Roscoe Street
Information Technology Department Chicago, IL 60618-5909
sware at midwaygames.com (773) 961-2000
More information about the MIMEDefang
mailing list