[Mimedefang] Blocking tiny messages

[Fred Tarasevicius]

Hello Kenneth,

Tuesday, December 5, 2006, 4:14:20 AM, you wrote:

> Given the recent run of messages that contain just a short number, I'm
> inclined to reject any message that contains a body of less than 20-40
> bytes as being a nuisance. Does anyone have a piece of code that does that?
> (I'll copy it to the wiki.)

It would be a safer idea to look at the headers of a few of these
short messages and see if you can find the hidden secret.  There's a
surprise in it for you if you can, you'll have a safe sign to remove
these from your server and a safe rule you can use if this botnet
reactivates with stupid configuration.  For the blind, look at the
message-id and you'll see some easy pattern matching.


header   FH_MSGID_000000        MESSAGEID =~ /\$00000000\@/
describe FH_MSGID_000000        Special MSGID
score    FH_MSGID_000000        10




-- 
Best regards,
 Fred                            mailto:tech2 at i-is.com