RE: Blocking all inline GIF or JPG Images
Title: RE: Blocking all inline GIF or JPG Images > -Original Message- > From: jdow [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, June 27, 2006 11:19 PM > To: users@spamassassin.apache.org > Subject: Re: Blocking all inline GIF or JPG Images > > > From: "Chris Santerre" <[EMAIL PROTECTED]> > > > SARE is working on this type of spam. We're getting there :) > > > > OVERALL% SPAM% HAM% S/O RANK SCORE NAME > > 14175 14174 1 0.999 0.00 0.50 imagespamtesticular > > > > It takes time. > > Chris, how are you scoring 141.75 times the amount of mail you are > receiving? Is there a math error or a notational error on the two > lines you quoted? > > {^_-} Huh? I hit a total of 14175 messeges with the rule. Out of that only 1 was ham. (prbly not ham.) I don't show the total of all email in this particular corpus, cause thats not public knowledge. This rule is only in testing phase with SARE. Along with a few more. --Chris
Re: Blocking all inline GIF or JPG Images
Did I miss the rule that enables me to score inline gif's? I would like to test with a low score and go from there.
RE: Blocking all inline GIF or JPG Images
--On Tuesday, June 27, 2006 5:10 PM -0400 Dave Koontz <[EMAIL PROTECTED]> wrote: Unfortunately, in our environment, "inline" images do get extensive use from our users (College Students, Faculty). Much of their email is for entertainment value, and many email "jokes" make use of Inline images of a variety of file types. GIF and JPG are just two types, you will also see PNG, BMP, etc. My company manufactures and assembles products and inspects items on receipt at the dock. When damage is found, including quality issues from our vendors, we photograph the item and email it to them so that they can immediately start to address the issue and get it fixed before the next day's shipment leaves their facility. Often a message requires a series of photos and explanatory text. Photographic email is a real requirement of business correspondence. I'm no fan of HTML in email, because it's so easy to use it to hide spam and malicious material in. I advocate strict syntax checking (which alas would fail the most common HTML-generating MUA's), and restriction of HTML to the subset needed to do this kind of job. Others have mentioned needing to include an HTML part to "contain" the image part. I personally attach my images to a text/plain part with a multipart/mixed, with the image set to disposition:inline. No HTML part is included, but I can see how one might need one for multiple images with interleaved comments, as a text/plain part has no mechanism to do that. My question is how to smack the biggest supplier of MUA's (the one in Redmond) to produce a sufficiently limited subset of HTML so that we as email admins can properly do our job while still allowing users to use a reasonable subset of markup.
Re: Blocking all inline GIF or JPG Images
From: "Chris Santerre" <[EMAIL PROTECTED]> SARE is working on this type of spam. We're getting there :) OVERALL% SPAM% HAM% S/ORANK SCORE NAME 141751417410.999 0.00 0.50 imagespamtesticular It takes time. Chris, how are you scoring 141.75 times the amount of mail you are receiving? Is there a math error or a notational error on the two lines you quoted? {^_-}
Re: Blocking all inline GIF or JPG Images
John D. Hardin wrote: On Tue, 27 Jun 2006, Kelson wrote: Until something comes along that (a) handles all the formatting that people want to be able to do, including adding silly backgrounds, changing the font or color for no reason, Why in the world do we need to support/encourage *that* nonsense? Because people will find ways to do it anyway, like sending Microsoft Word documents or PDF files. Better to come up with something that satisfies the demand, but isn't as easy to exploit for nefarious purposes (tracking, malware delivery, obfuscation) as HTML is, than leave things as a choice between HTML and plain text. There are plenty of options for simple markup languages more limited in their potential for abuse (unless you consider formatting itself an abuse) -- Wiki code, or BBcode, or the rich-text format that Eudora generates -- just none of them have the critical mass among email clients (I don't think anything will display formatted Wiki or BBCode, for instance) to be worth using except in small circles. -- Kelson Vibber SpeedGate Communications
RE: Blocking all inline GIF or JPG Images
John, if you have absolute authority to your network and what format your users can receive/send email, then you may want to look at the 'DEMIME' project. Perhaps you can use it to convert all user email to plain text and remove any and all attachments as a part of your filtering. I use this tool to filter various addresses that need to receive ONLY plain text emails. Works well. -Original Message- From: John D. Hardin [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 27, 2006 5:28 PM To: Kelson Cc: SpamAssassin Users Subject: Re: Blocking all inline GIF or JPG Images On Tue, 27 Jun 2006, Kelson wrote: > Until something > comes along that (a) handles all the formatting that people want to be > able to do, including adding silly backgrounds, changing the font or > color for no reason, Why in the world do we need to support/encourage *that* nonsense? > and embedding images in a layout such that they can be captioned One argument (only one) for accepting HTML email. :)
Re: Blocking all inline GIF or JPG Images
On Tue, 27 Jun 2006, Kelson wrote: > Until something > comes along that (a) handles all the formatting that people want to be > able to do, including adding silly backgrounds, changing the font or > color for no reason, Why in the world do we need to support/encourage *that* nonsense? > and embedding images in a layout such that they can > be captioned One argument (only one) for accepting HTML email. :) -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The problem is when people look at Yahoo, slashdot, or groklaw and jump from obvious and correct observations like "Oh my God, this place is teeming with utter morons" to incorrect conclusions like "there's nothing of value here".-- Al Petrofsky, in Y! SCOX --- 7 days until The 230th anniversary of the Declaration of Independence
RE: Blocking all inline GIF or JPG Images
John D. Hardin Wrote: >"inline" is an HTML-format email with text and images interspersed. >When the message is rendered the images will be embedded in the message body text. > >"attached" is the images attached like any other type of file. > >I have had exactly one instance to use inline images in the last five years. Just a "For What It's Worth"... Unfortunately, in our environment, "inline" images do get extensive use from our users (College Students, Faculty). Much of their email is for entertainment value, and many email "jokes" make use of Inline images of a variety of file types. GIF and JPG are just two types, you will also see PNG, BMP, etc. So, while I don't condone the usage, it does get used by a large percentage of "other" typical users Most of whom would not be too happy to have their email flagged as spam soley because it contained an inline image. Your network usage may vary Personally, I wish HTML/UU/MIME type message formats had never been implemented! ;-)
Re: Blocking all inline GIF or JPG Images
Matt wrote: HTML does not belong in e-mails. Guess I'd better not send myself photos from my cell phone, then. The email gateway adds an HTML body with an inline reference to the attachment. Though come to think of it, I suppose I shouldn't be sending images to an email address in the first place. I wonder if I can get my phone to upload to an FTP site... Like it or not, the genie is out of the bottle on HTML email. It has been for longer than most people have *had* email. Until something comes along that (a) handles all the formatting that people want to be able to do, including adding silly backgrounds, changing the font or color for no reason, and embedding images in a layout such that they can be captioned and (b) is supported by the most popular email clients, we're stuck with it. > An inline gif is INLINE with HTML.. an attached GIF is attached to the > message and the message is in MIME-text format. Incidentally... inline images *are* attached through MIME -- there's just a reference to that MIME part in the HTML part. Unless you're talking about data: URLs (where the image data is literally inline in the HTML) or remote images (where the image is loaded from a webserver upon displaying the message). -- Kelson Vibber SpeedGate Communications
RE: Blocking all inline GIF or JPG Images
Title: RE: Blocking all inline GIF or JPG Images > -Original Message- > From: Stuart Johnston [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, June 27, 2006 4:16 PM > To: Matt > Cc: users@spamassassin.apache.org > Subject: Re: Blocking all inline GIF or JPG Images > > > Matt wrote: > > An inline gif is INLINE with HTML.. an attached GIF is > attached to the > > message and the message is in MIME-text format. HTML does > not belong > > in e-mails. > > Well, that's easy then. If you want to block all html messages, just > score up: HTML_MESSAGE > > If you want to only hit those with html inline images (attached or > remote), use: __HTML_LINK_IMAGE SARE is working on this type of spam. We're getting there :) OVERALL% SPAM% HAM% S/O RANK SCORE NAME 14175 14174 1 0.999 0.00 0.50 imagespamtesticular It takes time. --Chris
Re: Blocking all inline GIF or JPG Images
Matt wrote: An inline gif is INLINE with HTML.. an attached GIF is attached to the message and the message is in MIME-text format. HTML does not belong in e-mails. Well, that's easy then. If you want to block all html messages, just score up: HTML_MESSAGE If you want to only hit those with html inline images (attached or remote), use: __HTML_LINK_IMAGE
Re: Blocking all inline GIF or JPG Images
On Tue, 27 Jun 2006, Stuart Johnston wrote: > Matt wrote: > > 1 - No legit e-mail should have in-line gifs.. they should be attached. > > I guess I'm missing something. What is the difference between an > inline gif and an attached gif? "inline" is an HTML-format email with text and images interspersed. When the message is rendered the images will be embedded in the message body text. "attached" is the images attached like any other type of file. I have had exactly one instance to use inline images in the last five years. -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Senator, when you took your oath of office, you placed your hand on the Bible and swore to uphold the Constitution. You didn't place your hand on the Constitution and swear to uphold the Bible. -- Jamie Raskin, Professor of Law at American University, testifying before the Maryland Senate --- 7 days until The 230th anniversary of the Declaration of Independence
Re: Blocking all inline GIF or JPG Images
An inline gif is INLINE with HTML.. an attached GIF is attached to the message and the message is in MIME-text format. HTML does not belong in e-mails. On 6/27/06, Stuart Johnston <[EMAIL PROTECTED]> wrote: Matt wrote: > 1 - No legit e-mail should have in-line gifs.. they should be attached. I guess I'm missing something. What is the difference between an inline gif and an attached gif?
Re: Blocking all inline GIF or JPG Images
Matt wrote: 1 - No legit e-mail should have in-line gifs.. they should be attached. I guess I'm missing something. What is the difference between an inline gif and an attached gif?
Re: Blocking all inline GIF or JPG Images
1 - No legit e-mail should have in-line gifs.. they should be attached. 2 - I don't 3 - Right, and that's what I'm asking how to do. On 6/27/06, Dallas L. Engelken <[EMAIL PROTECTED]> wrote: > -Original Message- > From: jdow [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 27, 2006 08:09 > To: users@spamassassin.apache.org > Subject: Re: Blocking all inline GIF or JPG Images > > From: "Matt" <[EMAIL PROTECTED]> > > > Hi, > > What would I need to do to just outright block all e-mail > that has an > > inline gif or jpg (or multiple ones)? > > 1) Be willing to accept a large number of lost legitimate emails. personally i would disagree... i seldom get 1 legit message a day with with inline-gif's, and its always newsletters that either a) i can do without or b) i can whitelist if need be. now i'm not saying i'd throw that policy down the throat of all my lusers, but a per-user rule to stop it for yourself may be just what you need. d
RE: Blocking all inline GIF or JPG Images
> -Original Message- > From: jdow [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 27, 2006 08:09 > To: users@spamassassin.apache.org > Subject: Re: Blocking all inline GIF or JPG Images > > From: "Matt" <[EMAIL PROTECTED]> > > > Hi, > > What would I need to do to just outright block all e-mail > that has an > > inline gif or jpg (or multiple ones)? > > 1) Be willing to accept a large number of lost legitimate emails. personally i would disagree... i seldom get 1 legit message a day with with inline-gif's, and its always newsletters that either a) i can do without or b) i can whitelist if need be. now i'm not saying i'd throw that policy down the throat of all my lusers, but a per-user rule to stop it for yourself may be just what you need. d
Re: Blocking all inline GIF or JPG Images
From: "Matt" <[EMAIL PROTECTED]> Hi, What would I need to do to just outright block all e-mail that has an inline gif or jpg (or multiple ones)? 1) Be willing to accept a large number of lost legitimate emails. 2) If you use procmail it's quite easy to look for files with a large number of different suffixes and do what you want with them. 3) Don't ask SpamAssassin to do anything with them other than install a large spam score on them. {^_^}
Re: Blocking all inline GIF or JPG Images
Matt wrote: Hi, What would I need to do to just outright block all e-mail that has an inline gif or jpg (or multiple ones)? You should do this in whatever program you have calling SA/AV/etc.. SA itself doesn't "block" anything. -Jim