Re: Recommendations for mail with only an image
Hi, >>> There are a few rules that seem to overlap in these instances: >>> >>> * 2.3 EMPTY_MESSAGE Message appears to have no textual parts and no >>> * Subject: text >>> * 1.0 FSL_EMPTY_BODY Message has completely empty body >> >> >> Those two should probably be evaluated for overlap. >> > Or at best rescoring those for your personal installation. Do we agree there is a potential overlap? Should I open a bug for this, or just continue to adjust locally? Thanks everyone, Alex >
Re: Recommendations for mail with only an image
On 9/17/2015 2:31 PM, Alex wrote: Hi, There are a few rules that seem to overlap in these instances: * 2.3 EMPTY_MESSAGE Message appears to have no textual parts and no * Subject: text * 1.0 FSL_EMPTY_BODY Message has completely empty body Those two should probably be evaluated for overlap. Or at best rescoring those for your personal installation. Do we agree there is a potential overlap? Should I open a bug for this, or just continue to adjust locally? Thanks everyone, Alex Possibly a silly question, but where is FSL_EMPTY_BODY coming from? The string has no occurrences in the current trunk.
Re: Recommendations for mail with only an image
Hi, > * 2.3 EMPTY_MESSAGE Message appears to have no textual parts and no > * Subject: text > * 1.0 FSL_EMPTY_BODY Message has completely empty body Those two should probably be evaluated for overlap. >>> Or at best rescoring those for your personal installation. >> >> Do we agree there is a potential overlap? Should I open a bug for >> this, or just continue to adjust locally? > > Possibly a silly question, but where is FSL_EMPTY_BODY coming from? The > string has no occurrences in the current trunk. My apologies; I forgot those are rules created by Steve Freegard and posted to the list some time ago. Thanks, Alex
Re: Recommendations for mail with only an image
Am 16.09.2015 um 04:45 schrieb Alex: Apparently our users use email quite a bit to share pictures. These emails typically contain no subject and no body, just the image. This hits all sorts of rules (perhaps correctly), and was just looking for input on how it should be handled. There are a few rules that seem to overlap in these instances: * 2.3 EMPTY_MESSAGE Message appears to have no textual parts and no * Subject: text * 1.8 MISSING_SUBJECT Missing Subject: header * 1.0 FSL_EMPTY_BODY Message has completely empty body Those three are enough to qualify the email as spam alone, pending any points deducted for bayes educate your users, otherwise spammers pretty fast would switch to put their complete payload into a large image with a link on it - it happens already and hence the rules exists but if you open that door spammers would say "thank you" signature.asc Description: OpenPGP digital signature
Re: Recommendations for mail with only an image
On 9/16/2015 12:04 PM, John Hardin wrote: On Tue, 15 Sep 2015, Alex wrote: There are a few rules that seem to overlap in these instances: * 2.3 EMPTY_MESSAGE Message appears to have no textual parts and no * Subject: text * 1.0 FSL_EMPTY_BODY Message has completely empty body Those two should probably be evaluated for overlap. Or at best rescoring those for your personal installation.
Re: Recommendations for mail with only an image
Kevin A. McGrail skrev den 2015-09-16 18:45: On 9/16/2015 12:04 PM, John Hardin wrote: On Tue, 15 Sep 2015, Alex wrote: There are a few rules that seem to overlap in these instances: * 2.3 EMPTY_MESSAGE Message appears to have no textual parts and no * Subject: text * 1.0 FSL_EMPTY_BODY Message has completely empty body Those two should probably be evaluated for overlap. Or at best rescoring those for your personal installation. or: meta EMPTY_OVERLAP_FSL (EMPTY_MESSAGE && FSL_EMPTY_BODY) and score based on the new rule from meta
Re: Recommendations for mail with only an image
On Tue, 15 Sep 2015, Alex wrote: There are a few rules that seem to overlap in these instances: * 2.3 EMPTY_MESSAGE Message appears to have no textual parts and no * Subject: text * 1.0 FSL_EMPTY_BODY Message has completely empty body Those two should probably be evaluated for overlap. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Tomorrow: the 228th anniversary of the signing of the U.S. Constitution
Recommendations for mail with only an image
Hi, Apparently our users use email quite a bit to share pictures. These emails typically contain no subject and no body, just the image. This hits all sorts of rules (perhaps correctly), and was just looking for input on how it should be handled. There are a few rules that seem to overlap in these instances: * 2.3 EMPTY_MESSAGE Message appears to have no textual parts and no * Subject: text * 1.8 MISSING_SUBJECT Missing Subject: header * 1.0 FSL_EMPTY_BODY Message has completely empty body Those three are enough to qualify the email as spam alone, pending any points deducted for bayes. I understand these days no one should be sending emails with nothing in the body, not to mention an empty subject, but I'd like to make sure we're not being overly aggressive here as it relates to emails with large images, and also find a way for legitimate users to be able to send pictures (real estate customers, for example). I'm using amavis, and my $sa_mail_body_size_limit is set to 400k, yet multi-megabyte messages are still processed. I understand a chunk of that message may still be processed, but I'd like some way to somehow exclude messages with multi-megabyte picture attachments from being processed. Any ideas greatly appreciated. Thanks, Alex