Loading ...
Sorry, an error occurred while loading the content.

276769Re: rejecting long subject strings with pcre header checks

Expand Messages
  • Noel Jones
    Apr 27, 2011
      On 4/27/2011 6:17 AM, Troy Piggins wrote:
      > Hi there. I'm noticing lately most of the spam that gets through my
      > postgrey/postfix/amavis/spamassassin/procmail rules contains subject
      > lines that are extremely long strings with no spaces in them. eg:
      > Subject: DownloadLaetstMMiicrosoftAndAppleSotftawreAndSaveThouasadnds.ApprvoedLicecnseddS
      > They do seem to have non-alnum chars such as ?-. etc. Just no
      > spaces.
      > I'm thinking there must be a header check with pcre on Subject that
      > could catch these. Been googling but can't find anyone that seems
      > to mention this. Might be my poor search term selection?
      > Any suggestions?

      regexp and pcre compatible expression:

      /^Subject: +[^[:space:]]{60}/ REJECT no spaces

      matches Subject: followed by one or more spaces, followed by
      60 or more non-space characters.

      Caution: this has not been tested for safety -- I have no idea
      of the likelihood of this matching legit mail. You might want
      to use WARN instead of REJECT for a while.

      -- Noel Jones
    • Show all 24 messages in this topic