[LINK] getting rid of image spam
Craig Sanders
cas at taz.net.au
Sat Oct 28 11:39:22 AEST 2006
On Sat, Oct 28, 2006 at 07:04:34AM +1000, Kim Holburn wrote:
> Nice technique for getting rid of image spam. Applies only to Apple
> Mail.app but could probably be made to work in other mail clients.
>
> http://www.hawkwings.net/2006/08/01/mailapp-rule-fix-for-image-spam/
>
> >He noticed that the image spam emails always have two
> >distinguishing marks: they come from a different address each time
> >and the Content-Type header begins with ?multipart/related?.
i've been using the FuzzyOCR plugin[1] for spamassassin for a few weeks
now, and it works quite well....but this is useful. i much prefer to
block spam during the SMTP stage with a reject than to accept and tag
it.
for anyone using postfix, here's a PCRE header_checks rule which blocks them:
/^Content-Type:.*multipart\/related.*boundary="(?:------------|--+=?_NextPart)/ REJECT
i came up with the boundary=... qualifier by examining all the
multipart/related image spams in my amavisd spamtrap quarrantine.
there's no guarantee that it wont reject other non-image-spam messages,
but this pattern is common to all of the ones in my spamtrap.
[1] http://wiki.apache.org/spamassassin/FuzzyOcrPlugin
craig
--
craig sanders <cas at taz.net.au> (part time cyborg)
More information about the Link
mailing list