[Esd-l] Catching email based on subject 2

Paul Ferwerda paul at ferwerda.net
Sun Jan 5 18:34:01 PST 2003


Resend trying to keep formatting...

I realize that this is probably a really dumb question, but we've got email over SSL and we're getting email with the following sorts of headers which takes forever to download:

Subject: W32.Klez.E removal tools
MIME-Version: 1.0
X-Security: MIME headers sanitized on srv01.mxtabs.net
        See http://www.impsec.org/email-tools/sanitizer-intro.html
        for details. $Revision: 1.137 $Date: 2002-12-22 16:59:17-08
Content-Type: multipart/alternative;
        boundary=A2FH43M0r9q5W90aUN297sSt
X-Status:
X-Keywords:
X-UID: 28

--A2FH43M0r9q5W90aUN297sSt
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

Sophos give you the very W32.Klez.E removal tools
W32.Klez.E is a very dangerous virus that spread through email.

For more information,please visit http://www.Sophos.com
--A2FH43M0r9q5W90aUN297sSt
Content-Type: TEXT/PLAIN;
X-Content-Security: [srv01.mxtabs.net] REPORT: Attachment "install.exe" stripped
Content-Description: SECURITY NOTICE


SECURITY NOTICE:

The mail system has removed a file attachment from this message.
The attachment has been discarded.

Please contact your system administrator for details.

Filename: install.exe



--A2FH43M0r9q5W90aUN297sSt
--A2FH43M0r9q5W90aUN297sSt
Content-Type: application/octet-stream; name="Yosemite.jpg"
Content-ID: <Xg0JRa00229>
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRgABAgEASABIAAD/7RFWUGhvdG9zaG9wIDMuMAA4QklNBAQAAAAAAJkcAgAA

....and the rest of the file...



I don't want to have to download an email containing that stuff.  What is the best way to set up a rule in my local-rules.procmail in order to intercept that sort of message?


or

Subject: Undeliverable mail--"Enlarge Photo"
MIME-Version: 1.0
X-Security: MIME headers sanitized on srv01.mxtabs.net
        See http://www.impsec.org/email-tools/sanitizer-intro.html
        for details. $Revision: 1.137 $Date: 2002-12-22 16:59:17-08
Content-Type: multipart/alternative;
        boundary=Yzi73p2FhKyz24k407Z4OX9L6448g
Date: Fri, 3 Jan 2003 06:29:10 -0500
X-Status:
X-Keywords:
X-UID: 14

--Yzi73p2FhKyz24k407Z4OX9L6448g
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

The following mail can't be sent to info at edjoin.org:

From: mxtabs at mxtabs.net
To: info at edjoin.org
Subject: Enlarge Photo
The attachment is the original mail
--Yzi73p2FhKyz24k407Z4OX9L6448g
Content-Type: TEXT/PLAIN;
X-Content-Security: [srv01.mxtabs.net] REPORT: Attachment "Zoj.bat" stripped
Content-Description: SECURITY NOTICE


SECURITY NOTICE:

The mail system has removed a file attachment from this message.
The attachment has been discarded.

Please contact your system administrator for details.

Filename: Zoj.bat


--Yzi73p2FhKyz24k407Z4OX9L6448g
--Yzi73p2FhKyz24k407Z4OX9L6448g
Content-Type: application/octet-stream; name="206386878.110693889.IM1.MAIN.240x1
80_A.240x160[1].jpg"
Content-ID: <Q4w9lNF3HSQZ24>
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRgABAQEASABIAAD/4SNnRXhpZgAATU0AKgAAAAgACAEPAAIAAAAWAAABsgEQ
...etc.

Thanks!
Paul 
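
One way to catch both sample messages above, as an added example that is not part of the original post. It assumes the recipe runs after the sanitizer has rewritten the message, and `QUARANTINE` is a hypothetical mailbox path:

```procmail
# Added example; QUARANTINE is a hypothetical mailbox path, adjust to taste.
QUARANTINE=$HOME/mail/worm-quarantine

# The sanitizer writes its report into the headers of a MIME part. To
# procmail those lines are body text, so the recipe greps the body (B flag).
# All three conditions must match:
#   1. the sanitizer reported stripping an .exe or .bat attachment
#      (the two extensions seen in the samples above),
#   2. a generic binary part with a file name is still attached,
#   3. that part is base64 encoded (the large payload that is slow to fetch).
# procmail matches case-insensitively by default.
# The trailing colon requests a local lockfile for the mbox delivery.
:0 B:
* ^X-Content-Security: \[[^]]+\] REPORT: Attachment ".+\.(exe|bat)" stripped
* ^Content-Type: application/octet-stream; name=
* ^Content-Transfer-Encoding: base64
$QUARANTINE
```

Filing the message in a separate mailbox rather than discarding it keeps a false positive recoverable while still keeping it out of the inbox that is downloaded.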


