[LINK] getting rid of image spam

Craig Sanders cas at taz.net.au
Sat Oct 28 11:39:22 AEST 2006


On Sat, Oct 28, 2006 at 07:04:34AM +1000, Kim Holburn wrote:
> Nice technique for getting rid of image spam.  Applies only to Apple  
> Mail.app but could probably be made to work in other mail clients.
> 
> http://www.hawkwings.net/2006/08/01/mailapp-rule-fix-for-image-spam/
>
> >He noticed that the image spam emails always have two  
> >distinguishing marks: they come from a different address each time  
> >and the Content-Type header begins with ?multipart/related?.

i've been using the FuzzyOCR plugin[1] for spamassassin for a few weeks
now, and it works quite well....but this is useful. i much prefer to
block spam during the SMTP stage with a reject than to accept and tag
it.


for anyone using postfix, here's a PCRE header_checks rule which blocks them:

/^Content-Type:.*multipart\/related.*boundary="(?:------------|--+=?_NextPart)/ REJECT

i came up with the boundary=... qualifier by examining all the
multipart/related image spams in my amavisd spamtrap quarrantine.
there's no guarantee that it wont reject other non-image-spam messages,
but this pattern is common to all of the ones in my spamtrap.


[1] http://wiki.apache.org/spamassassin/FuzzyOcrPlugin

craig

-- 
craig sanders <cas at taz.net.au>           (part time cyborg)



More information about the Link mailing list