Wed, 23 Jun 2004, by k.lelong@ace-electronics.be:
Hi, I'm getting spam messages with an empty subject line. I would like to have Postfix refuse these, so I need to have a line in my header-checks list. I'm new to this (I copied a list from http://www.securitysage.com/files/header_checks.short) and I'm unsure how to write such a line. Would '/^Subject:!.+/ REJECT ...' do the job?
I think it means 'Subject:' followed by 'not (more than zero characters)'.
There is a very nice tool for that called 'pcretest'

    $ pcretest
    PCRE version 4.4 21-August-2003
    $ rpm -qf /usr/bin/pcretest
    pcre-4.4-109

Your e.g. means 'Subject:!' followed by at least 1 character.

      re> /^Subject:!.+/
    data> Subject:!a
     0: Subject:!a
    data> Subject:!
    No match
    data>

What you want is:

      re> /^Subject:[[:blank:]]*$/
    data> Subject: a
    No match
    data> Subject:
     0: Subject:
B.T.W. is it possible to modify the header checks 'on-the-fly', i.e. without restarting Postfix? Maybe with MySQL?
Postfix does re-check these files by itself, so yes, but this could take a while depending on the workload.
Another thought: should Amavis/Spamassassin do this?
No imho. Using body/headercheck is only a very crude way to fight UCE, with a high possibility of false positives and negatives. Only use it for some well-defined cases (like the well known win32 executable strings, SoBig Subjects etc.) E.g. Subjects without content can better be dealt with by SA, with a local rule and a + score of a few points.

Theo
--
Theo v. Werkhoven    Registered Linux user# 99872 http://counter.li.org
ICBM 52 13 27N , 4 29 45E.     +   ICQ: 277217131
SUSE 9.1                       +   Jabber: gurp@nedlinux.nl
Kernel k_athlon-2.6.4          +   MSN: twe-msn@ferrets4me.xs4all.nl
See headers for PGP/GPG info.  +
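The two patterns from the thread, checked against whole messages rather than single pcretest lines. This is an added example, not code from the thread or from Postfix: the sample messages are constructed, the function names are hypothetical, and `[[:blank:]]` is written as `[ \t]` because Python's `re` has no POSIX classes.

```python
import re

# Patterns from the thread; [ \t] stands in for PCRE's [[:blank:]].
ASKER = r"^Subject:!.+"
FIXED = r"^Subject:[ \t]*$"

# Constructed sample messages (header block, blank line, body).
SAMPLES = {
    "empty": "From: a@example.com\nSubject:\nTo: b@example.com\n\nbody",
    "blank": "From: a@example.com\nSubject: \t\n\nbody",
    "normal": "From: a@example.com\nSubject: hello\n\nbody",
    "folded": "From: a@example.com\nSubject:\n hello again\n\nbody",
    "missing": "From: a@example.com\nTo: b@example.com\n\nSubject: in body",
}


def logical_headers(raw):
    """Split a raw message into logical headers, joining folded lines.

    Assumption: as with Postfix header_checks, a header that spans several
    lines is matched as one string.
    """
    headers = []
    for line in raw.splitlines():
        if not line:                      # blank line ends the header block
            break
        if line[0] in " \t" and headers:  # continuation of previous header
            headers[-1] += "\n" + line
        else:
            headers.append(line)
    return headers


def first_match(pattern, raw):
    """Return the first logical header the pattern matches, or None."""
    # Postfix regexp/pcre tables are case-insensitive by default.
    rx = re.compile(pattern, re.IGNORECASE)
    for header in logical_headers(raw):
        if rx.search(header):
            return header
    return None


def verdicts(pattern):
    """Map each sample name to True if the pattern would hit it."""
    return {n: first_match(pattern, raw) is not None for n, raw in SAMPLES.items()}


if __name__ == "__main__":
    for label, pat in (("asker", ASKER), ("fixed", FIXED)):
        print(label, verdicts(pat))
```

The "missing" sample is hit by neither pattern: a per-header check only sees headers that exist, so a message with no Subject header at all passes this rule.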