Hello Kenneth, Tuesday, December 5, 2006, 4:14:20 AM, you wrote:
> Given the recent run of messages that contain just a short number, I'm > inclined to reject any message that contains a body of less than 20-40 > bytes as being a nuisance. Does anyone have a piece of code that does that? > (I'll copy it to the wiki.) It would be a safer idea to look at the headers of a few of these short messages and see if you can find the hidden secret. There's a surprise in it for you if you can, you'll have a safe sign to remove these from your server and a safe rule you can use if this botnet reactivates with stupid configuration. For the blind, look at the message-id and you'll see some easy pattern matching. header FH_MSGID_000000 MESSAGEID =~ /\$00000000\@/ describe FH_MSGID_000000 Special MSGID score FH_MSGID_000000 10 -- Best regards, Fred mailto:[EMAIL PROTECTED] _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
