[Mimedefang] Blocking tiny messages
Fred Tarasevicius
tech2 at i-is.com
Thu Dec 14 14:34:49 EST 2006
Hello Kenneth,
Tuesday, December 5, 2006, 4:14:20 AM, you wrote:
> Given the recent run of messages that contain just a short number, I'm
> inclined to reject any message that contains a body of less than 20-40
> bytes as being a nuisance. Does anyone have a piece of code that does that?
> (I'll copy it to the wiki.)
It would be a safer idea to look at the headers of a few of these
short messages and see if you can find the hidden secret. There's a
surprise in it for you if you can: you'll have a safe sign to remove
these from your server and a safe rule you can use if this botnet
reactivates with stupid configuration. For the blind, look at the
message-id and you'll see some easy pattern matching.

header FH_MSGID_000000 MESSAGEID =~ /\$00000000\@/
describe FH_MSGID_000000 Special MSGID
score FH_MSGID_000000 10

--
Best regards,
Fred mailto:tech2 at i-is.com
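
Added example, not part of the original post: a Python check that runs both heuristics from this thread (the body-size cutoff and the Message-ID pattern) over the same mail so their false positives can be compared before either is deployed. The sample messages are constructed, MIN_BODY takes the low end of the 20-40 byte range quoted above, and only the Message-ID header is examined.

```python
import email
import re

# Same test as the FH_MSGID_000000 rule: a literal "$00000000@" in the Message-ID.
MSGID_RE = re.compile(r"\$00000000@")
MIN_BODY = 20  # bytes; low end of the 20-40 byte cutoff proposed in the thread

# Constructed sample messages, not captured traffic.
SAMPLES = {
    "number-only": "From: a@example.net\n"
                   "Message-ID: <000001c71f$1a2b3c4d$00000000@example.net>\n"
                   "Subject: hi\n\n4821\n",
    "short-legit": "From: boss@example.org\n"
                   "Message-ID: <20061214.1234@example.org>\n"
                   "Subject: Re: lunch?\n\nYes.\n",
    "folded-msgid": "From: b@example.net\n"
                    "Message-ID:\n <000001c71f$9f8e7d6c$00000000@example.net>\n"
                    "Subject: x\n\n77\n",
    "normal": "From: c@example.org\n"
              "Message-ID: <abc123@example.org>\n"
              "Subject: report\n\nThe weekly report is attached; please review it.\n",
}

def body_bytes(msg):
    """Size of the text body with surrounding whitespace stripped."""
    if msg.is_multipart():
        parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    else:
        parts = [msg]
    text = "".join(str(p.get_payload()) for p in parts)
    return len(text.strip().encode("utf-8", "replace"))

def classify(raw):
    """Apply both heuristics to one raw RFC 822 message."""
    msg = email.message_from_string(raw)
    msgid = msg.get("Message-ID", "")  # a folded header keeps its line break
    return {"short_body": body_bytes(msg) < MIN_BODY,
            "msgid_hit": bool(MSGID_RE.search(msgid))}

def evaluate(samples=SAMPLES):
    return {name: classify(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{name:13} short_body={result['short_body']!s:5} "
              f"msgid_hit={result['msgid_hit']}")
```

The "short-legit" sample is the case to watch: the size cutoff alone would reject a genuine one-word reply, while the Message-ID pattern leaves it alone.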