Sieve script to filter today's MS annoyances
Matthew Dillon
dillon at apollo.backplane.com
Fri Sep 19 13:16:55 PDT 2003
:
:I don't know what's going on, but I've been getting literally hundreds of
:virus/worm-looking emails per hour all day today. I grew tired of it and
:wrote the following Sieve script to filter my mail on the server.
:
:The pseudo-bounce messages were particularly annoying; they're close enough
:to the real bounce messages that I *want* to keep that they justified a
:little closer examination. I'll probably tighten the other message type to
:also examine the sender, but I doubt I'll be getting any legitimate mails
:that look like:
:
: Subject: latest security patch
:
:in the near future. Anyway, enjoy as you see fit.
:...
You aren't the only one. My mail system processed over a thousand
of these blasted things overnight. I had over 200 in my mailbox
this morning.
Fortunately it took only two quick commands to wipe them,
matching on a portion of the virus content.
I finally caved in and modified my libmilter based filter to
substring-match elements of the virus in the body of the email
and reject it outright, in real time.
-Matt
More information about the freebsd-stable
mailing list