[milters] Archive

Lists Index Date Thread Search

Article: 1356
From: Michael Elliott
Date: 2006-12-06 17:59:33 -0500
Subject: Re: new milter idea: milter-random-named-file

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support

Anthony Howe wrote:
> This is problematic. Conside that most pump & dump image based spam uses 
> a CID: there are no filenames to speak off, and the cid: will probably 
> change between runs or every message even (you don't care about CPU when 
> you're using someone else's computer).

... That and many other good reasons kind of kill this idea.  
Ok.  So here is a more wicked one.  

A modification to milter-abook to have a second policy setting for email
containing images.

policy=none or policy=tag with subject-tag=[stranger]

So if the email doesn't contain an image, we accept as normal (or tag), 
and if it contains an image and we have never sent to the sender before, 
the mail is rejected.

The only drawback on this one I see so far is recognizing and whitelisting
the footer images from the likes of Yahoo and MSN.  Checking my mailbox, 
they seem to be doing that less these days, but I don't get many emails from
those sources.

While you are in there changing things, here is another idea.
access.db entries:
milter-abook-policy:george@example.com		none
milter-abook-policy-image:george@example.com	tag
milter-abook-policy:fred@example.com		reject
milter-abook-policy-image:fred@example.com	reject

Reading a policy type override from the access.db would allow easier 
customization for my users instead of the on/off that is available today.

And thirdly, adding a note to system adminstrators on the webpage that 
a good practice is to run the milter-abook for the first month with 
policy=none, so mail is not affected, but the cache is built up.  Then
after a month, move to policy=tag/reject.  It is one of those "least 
amount of surprise and negative impact" issues.  I haven't used milter-abook
before, because I am working at an ISP level, and it's general use 
across such a large set of users would be problematic.   But, policy=none, 
and policy-image=reject is a reasonable possiblity for me.

-Mike Elliott

Lists Index Date Thread Search