Re: [exim] Stopping Internal Email Abuse

Top Page
Delete this message
Reply to this message
Author: Ian Eiloart
Date:  
To: Chris Pottrell, exim-users
Subject: Re: [exim] Stopping Internal Email Abuse


--On 4 June 2008 16:21:09 +0100 Chris Pottrell
<chris.pottrell@???> wrote:

>
> I've had a request from the MD to try and stop the amount of junk that
> gets sent around each day by employees.
>



I have a mechanism for stamping on conversations that are copied to huge
number of recipients. Basically, if a To: or Cc: header exceeds 4k
characters, I replace it with the string "address list masked by
postmaster:;" - which is a valid address list.

I did this after a few students got hold of lists of all the student
addresses. One spam message was replied to a few times. Each message
contained a few MB of headers, and the storage requirements went through
the roof after a few complaints about the postings were sent back to the
entire recipient list!

#define these macros:

#################################################################
## limit the number of recipients displayed in message headers ##
#################################################################
# Maximum permitted header lengths (unit is characters)(
MAX_CC = 4096
MAX_TO = 4096

# This condition tests that the To: header is less than MAX_TO characters.
LONG_TO_HEADERS = \
          > { ${strlen:$h_To:} } {MAX_TO}


# This condition tests that the Cc: header is less than MAX_CC characters.
LONG_CC_HEADERS = \
          > { ${strlen:$h_Cc:} } {MAX_CC}


# This is used by headers_remove
REMOVE_LONG_HEADERS = \
    ${if  LONG_TO_HEADERS { : To }}\
    ${if  LONG_CC_HEADERS { : Cc }}


# This is used by headers_add

CONCEALED_STRING = address list masked by postmaster:;

REPLACE_LONG_HEADERS = \
    ${if  LONG_TO_HEADERS {\nTo: CONCEALED_STRING }}\
    ${if  LONG_CC_HEADERS {\nCc: CONCEALED_STRING }}



# in the relevant transport, I use:

headers_remove = \
        Bcc \
        REMOVE_LONG_HEADERS
    headers_add = \
        X-Sussex: true \
        \nX-Sussex-transport: remote_smtp \
        REPLACE_LONG_HEADERS



--
Ian Eiloart
IT Services, University of Sussex
x3148