Hi
If you want to drop the mail by just checking its content size, use
'All' matcher and then get the content part of the mail in mailet using
the java mail api. Then you can check the size of that part.
Ozgur
On 03/22/2015 08:39 PM, David Legg wrote:
Hi Bernd,
I do have a firewall but the spam messages are not being modified. What
I showed in my email below is what the server actually receives.
The missing subject is also a key feature of these spams together with
the lack of body copy.
I guess I could write a matcher which returns the size of the subject
and/or the body but as I mentioned it has been a while since I installed
James and I'm not into Java development as much as I used to be.
Regards,
David.
On 22/03/15 16:00, Bernd Waibel wrote:
Hello David,
do you have a firewall, with virus filtering enabled?
If the mail contains only one attachment (as INLINE attachment) and no body,
and the firewall removes the attachment, but keeps the rest alright and sends
this to the receiver?
So a mail without a body could be the rest of a virus mail.
Also it could just be a test runner. Testing the Botnet or something like
this.
Some people use their email system like a sms system, just sending a
subject.
May this lead to a no-body mail?
In your example the subject is missing.
But I didn't see it a lot (or did not remember).
Greetings
Bernd
-Ursprüngliche Nachricht-
Von: David Legg [mailto:david.l...@searchevent.co.uk]
Gesendet: Sonntag, 22. März 2015 14:29
An: James Users List
Betreff: Fighting 'no body' spam
Hi,
It has been a few years since I last wrote to the list. Our James 2.3
installation has been happily running all that time with no problems.
Recently however we are being plagued by a particular variety of spam that the
Bayesian filter just can't handle; 'no-body' spam. This variety has seemingly
random 'from' addresses (but usually with valid domains). They all seem to
come from different IP addresses which suggests a bot-net and therefore can't
be blocked by the firewall. But the other distinguishing feature is their
complete lack of any subject or body. This is what makes it so difficult for
the filter to latch onto.
A typical email looks as follows: -
Message-ID: A[20
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-MessageIsSpamProbability: 0.018074688897863164
Received: from 38.124.60.215 ([38.124.60.215])
by somewhere.co.uk (JAMES SMTP Server 2.3.1) with SMTP ID 965
for off...@somewhere.co.uk;
Sun, 22 Mar 2015 12:11:17 + (GMT)
Date: Sun, 22 Mar 2015 12:11:17 + (GMT)
From: ieqeq...@baboonabeach.com
Received: from 248.32.157.238 by 46.4.123.50; Sun, 22 Mar 2015 18:23:42 +0500
I was hoping that there was a matcher that I could use to reject all email with no
or very small ( 4 bytes) content. However, all I could find was the
'SizeGreaterThan' matcher which matches the entire size of the email.
As well as knowing if their is a solution for this I was also wondering if
anyone knows just what is the point of all this? I've heard one theory that it
poisons the filter but it just seems like a mindless act to me.
Regards,
David Legg
-
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
-
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org