Command Center

> What can I do to block a message with a determinated subject with
> mimedefang ???

I've posted this a few times before.

Blocking emails based on the Subject line can be done by adding the
following LOCAL_RULESET to your sendmail.mc file, and then rebuilding
sendmail.cf. PLEASE NOTE that there are TABS in the code below. If you
copy/paste the code below into yout sendmail.mc file, BE SURE TO REPLACE any
occurances of "[TAB]" with a real TAB.

Once the sendmail.cf has been rebuilt (and sendmail restarted), create two
files. The first file (subjects_full) will contain COMPLETE SUBJECT LINES,
using PERIODS to replace any spaces. The second file can contain any
KEYWORDS or portions of subject lines (again, replacing any spaces with
periods).

For example, in /etc/mail/subjects_full you might have something like:

Mothers.Day.Order.Confirmation
Dangerous.Virus.Warning
Virus.ALERT!!!
Important!.Read.carefully!!
How.to.protect.yourself.from.the.IL0VEY0U.bug!
I.Cant.Believe.This!!!
Thank.You.For.Flying.With.Arab.Airlines
Variant.Test
Yeah,.Yeah.another.time.to.DEATH...
LOOK!
Bewerbung.Kreolina
Recent.Virus.Attacks-Fix
PresenteUOL
IMPORTANT:.Official.virus.and.bug.fix
NEUE.ANTI-VIRUS-LISTE
BUG.&.VIRUS.FIX
New.Variation.on.LOVEBUG.Update.Anti-Virus!!
Snowhite.and.the.Seven.Dwarfs.-.The.REAL.story
Resume.-.Janet.Simons
US.PRESIDENT.AND.FBI.SECRET
Check.this.out,.it's.funny!
Cool.Notepad.Demo
Moin,.alles.klar?
Hi,.how.are.you?

In /etc/mail/subjects_part you could have something like:

unsecured.gold.mastercard
unsecured.mastercard
unsecured.platinum.card
unsecured.visa
viagra
v.i.a.g.r.a
vi*agra
v1agra
v*1a*gra

These are plain ascii files... NOT database hashes. And, there is no need
to restart sendmail whenever you add anything to these files. Changes take
effect immediately.

Have fun!


LOCAL_RULESETS
######################################################################
###
### Email Virus and Anti-SPAM stuff...
###
### Add exact-match subject lines to /etc/mail/subjects_full
### Add substrings to match in subject lines to /etc/mail/subjects_part
### In both files, all spaces MUST be replaced with periods (.)
###
### Create two files called /etc/mail/subjects_full and
### /etc/mail/subjects_part. The former has complete
### unwanted 'subject' lines, while the latter has only
### substrings within 'subject' lines.
###
### As an example, suppose you want to filter out 'viagra'
### spam. The following entry in your subjects_part
### file would do it:
### viagra
###
### In the case of multi-word entries, all spaces MUST be
### replaced with periods. For example:
### herbal.viagra
###
### These filters are not case-sensitive.
###
######################################################################
F{FullSubjects} -o /etc/mail/subjects_full
F{PartSubjects} -o /etc/mail/subjects_part
HSubject: $>CheckSubject

SCheckSubject
R$={FullSubjects}$*[TAB]$: REJECTSUBJECT
R$* $={PartSubjects} $*[TAB]$: REJECTSUBJECT
R$* REJECTSUBJECT $*[TAB]$#error $: "553 Access Denied - MSG may contain
SPAM/WORM/VIRUS/HOAX."

RADV : $*[TAB]$#error $: "553 Delivery blocked; HSubject: indicates
unsolicited commercial email."
R ADV : ADLT $*[TAB]$#error $: "553 Delivery blocked; HSubject: indicates
unsolicited adult-content email."
RADV $*[TAB]$#error $: "553 Delivery blocked; HSubject: indicates
unsolicited commercial email."



KEN CORMACK, RHCE
Sr. UNIX Systems Analyst,
Open Systems Group
Sr. Software Analyst,
TSG Midrange Systems Group
AFFILIATED COMPUTER SERVICES, INC.
557 E. Tallmadge Ave., Akron, OH 44310

"If that that is 'is' is that that is not 'not is', is that that is 'not is'
that that is not 'is'? It is!" - Ken Cormack

"Sendmail administration is not black magic. There are legitimate technical
reasons why it requires the sacrificing of a live chicken." - Unknown


REFERENCES
http://lists.roaringpenguin.com/pipermail/mimedefang/2004-March/020796.html