I ask because with MIMEDefang it does some structural analysis (eg. MIME type and filename checking) before calling the heavy-weight SA, and you could block images with MD more cheaply than with the later SA pass.
Could you explain a little more about this?
MIMEDefang is a milter that's invoked by sendmail as the message is collected. You can do something similar in .procmailrc. Look for a package called the "Procmail Sanitizer". It's intended for installation in the global /etc/procmailrc but you could adapt it for personal use. If nothing else, you can use it as an example to see how to get at MIME parts and suppress the undesirable ones.
<http://www.impsec.org/email-tools/procmail-security.html>
