06-19-2006 09:52 AM
We have noticed that this kind of spam has increased (see below).
Typically it has no "To:" header, no "Subject:" header and nothing on the message body.
Does IPAS already know this?
Any suggestions for writing a filter that catches messages with no To or Subject field in the header?
---------------------------------------------
Received: from unknown (HELO korisnik-oashe5) ([194.54.182.140])
  by ironport.xxx.com with SMTP; 19 Jun 2006 15:02:36 +0700
X-SBRS-Score: -0.3
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AaMwAKjylURuh2mBExULLVE
X-IronPort-AV: i="4.06,149,1149440400";
  d="scan'"; a="161511224:sNHT34510798"
Message-ID: <000d01c69376$baca1e30$8cb636c2@korisnikoashe5>
From: buicgeauavc@vela.com
Date: Mon, 19 Jun 2006 15:02:38 +0700
---------------------------------------------
TIA
06-19-2006 01:04 PM
Since rcpt-to acts on the 2821 header, you can't really check for it being blank. I believe you can do and (header("To") == "^$") to check for a blank To in the header; however, I haven't tested this, though I will be when I get into the office since we are getting these too and for the most part Brightmail isn't catching them.
catch_new_spam: if (subject == "^$") and (header("To") == "^$") and (body-size <= 3072)
{
    quarantine();
}
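The check discussed above, as an added example that is not part of the original posts and is not IronPort filter syntax: a Python sketch that classifies To and Subject as missing, blank or present (the sample in the first post has them absent, which is a different case from present but empty) and applies the same 3072-byte body threshold. The sample messages are constructed, and the function names and the choice to count decoded, whitespace-stripped body bytes are assumptions.

```python
from email import message_from_bytes

MAX_BODY_BYTES = 3072  # threshold taken from the filter in the post above


def header_state(msg, name):
    """Return 'missing', 'blank' or 'present' for the named header."""
    values = msg.get_all(name)
    if values is None:
        return "missing"          # no such header line at all
    if all(not str(v).strip() for v in values):
        return "blank"            # header line exists but carries no value
    return "present"


def body_size(msg):
    """Total decoded body bytes across all non-container parts (assumption)."""
    total = 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        total += len(payload.strip())
    return total


def looks_like_empty_spam(raw):
    """Flag messages with no usable To, no usable Subject and a tiny body."""
    msg = message_from_bytes(raw)
    to_state = header_state(msg, "To")
    subj_state = header_state(msg, "Subject")
    size = body_size(msg)
    hit = (to_state != "present" and subj_state != "present"
           and size <= MAX_BODY_BYTES)
    return hit, to_state, subj_state, size


# Constructed sample messages (not taken from real mail).
BASE = (b"Message-ID: <constructed-1@example.invalid>\r\n"
        b"From: sender@example.invalid\r\n"
        b"Date: Mon, 19 Jun 2006 15:02:38 +0700\r\n")
SAMPLE_MISSING = BASE + b"\r\n"                            # headers absent, no body
SAMPLE_BLANK = BASE + b"To: \r\nSubject:\r\n\r\n\r\n"      # headers present but empty
SAMPLE_NORMAL = (BASE + b"To: user@example.invalid\r\n"
                 b"Subject: Lunch\r\n\r\nHello\r\n")
SAMPLE_NO_TO = BASE + b"Subject: Lunch\r\n\r\nHello\r\n"   # only To is absent

if __name__ == "__main__":
    for raw in (SAMPLE_MISSING, SAMPLE_BLANK, SAMPLE_NORMAL, SAMPLE_NO_TO):
        print(looks_like_empty_spam(raw))
```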
06-19-2006 03:07 PM
We're seeing them as well.