Gary Forrest wrote:
> Hi All
>
> We are receiving the same image spam many times, random text within the
> body.
> The only common thing is a image attachment, with the filename in the
> following format
>
> DSL1234.png
>
> I have made the following ' RAWBODY ' rule
>
> /dsl[0-9]{4}\.png/i
>
> This rule works if the text appears in the body, when testing with a
> hand telnet to port 25, but fails in practice.
> I think this is because the RAWBODY rule does not search the text of a
> attachment.
>
> example text of a spam
>
> ------=_NextPart_000_0075_01C9C5DF.A7950570
> Content-Type: image/png;
> name="DSL6672.png"
> Content-Transfer-Encoding: base64
> Content-ID: <a0ff8910$101f730d$6c822ecf>
> Content-Disposition: inline
>
> Any ideas ?
mimeheader LOCAL_DSL_ATTACHMENT Content-Type =~ /name="dsl[0-9]{4}\.png"/i
(Untested.)
Hope this helps,
James.
--
E-mail: james@ | top! to bottom from or backwards read not do I, post top
aprilcottage.co.uk | not do Please
| -- Jeff Vian
