I have had a user on our network which has been receiving Spam with the
following format:
Subject: Message message message (50 spaces) [(4 to 6 characters alpha
numberic characters)]
eg.
Subject: Something EVERY Business Needs
[ugx92]
Well I created a filter that does work, it just logs it so far, I will probably have
it freeze it soon, or better yet forward to me so I can complain to the
offending servers.
# Exim Filter
logfile $home/.filter.log
if ((not error_message) and ($header_subject: matches \
"(\\.+)(\\\\s+)\\\\[(\\.+)\\\\]\\$" )) then
logwrite "$tod_log $message_id $sender_address \
($sender_host_name[$sender_host_address]) subject=$header_subject \n"
logwrite "------------------------------------------------------------------------------\n"
logwrite "$tod_log $message_id Message Header Attachment \
Detected$1\n"
logwrite "$header_content-type:\n"
logwrite "$message_headers\n"
logwrite "------------------------------------------------------------------------------\n"
endif
---
Jason Robertson
Network Analyst
jason@???
http://www.astroadvice.com
