General
cancel
Showing results for 
Search instead for 
Did you mean: 

Blocking messages by title.....or part of

Kathleen
Regular Advisor

Blocking messages by title.....or part of

Can this be done using sendmail....blocking the title of a message vs the sender. We are getting alot of the messages into our system that are related to the virus is going around. We are not getting the virus because we strip the attachment but I would like to not see the email at all. Any suggestions? We are using Sendmail with Openmail.
6 REPLIES
Brian Bergstrand
Honored Contributor

Re: Blocking messages by title.....or part of

Add something similar to the rules below to your sendmail.cf file. You'll need one match for each subject you want to kill.

SCheckSubject
RI LOVE YOU $#error $: 553 worm rejected
RBad Subject Text $#error $: 553 rejected

HTH
Sanjay_6
Honored Contributor

Re: Blocking messages by title.....or part of

Kathleen
Regular Advisor

Re: Blocking messages by title.....or part of

Is there a way to block with wildcards like "microsoft update"
Christopher Caldwell
Honored Contributor

Re: Blocking messages by title.....or part of

There's essentially four ways to mail filter:

1) in the sendmail.cf as suggested in earlier posts.

2) in the delivery agent - e.g. on HP, swap mail/rmail with procmail, then build filter recipes.
See http://www.procmail.org/ for details.

3) add mail filterting hooks to sendmail (generally requires more modern versions of sendmail).
See http://www.milter.org/ for examples/details. [Use to filter viruses, filter on regex, filter attachments, etc.].

4) add a filter (e.g. virus scanner/spam filter) appliance in line prior to sendmail.

Any of these techniques will allow you to filter on subject. Many (>1) will allow you to filter on just about anything.

Geoff Wild
Honored Contributor

Re: Blocking messages by title.....or part of

Yes you can!

Note: ^I is tab and $ at end of line is end of line...

SCheckSubject$
RC:\CoolProgs\PrettyPark.exe^I$#error $: 553 PrettyPark Worm rejected$
RILOVEYOU^I$#error $: 553 Love Letter Worm rejected$
RI LOVE YOU^I$#error $: 553 Love Letter Worm rejected$
RUS PRESIDENTS AND FBI SECRETS^I$#error $: 553 Virus rejected$
RMawanella^I$#error $: 553 Virus rejected$
Rfwd: Joke^I$#error $: 553 Joke Worm rejected$
RSusitikim shi vakara kavos puodukui^I$#error $: 553 Susitikim Worm rejected$
RMother's Day Order Confirmation^I$#error $: 553 Mothers Day Worm rejected$


Etc...

Here's a cool way to block forgeries - IE someone's reply is support@microsoft.com - yet it comes via shaw.ca:

SIs21cn$
R$* 21cn.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsAol$
R$* aol.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsattnet$
R$* att.net $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsbigmailbox$
R$* bigmailbox.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsconcentic$
R$* concentic.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsconsultant$
R$* consultant.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsearthlink$
R$* earthlink.net $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsearthlinkcom$
R$* earthlink.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsemail$
R$* email.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsexcite$
R$* excite.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsYahoo$
R$* yahoo.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsHotmail$
R$* hotmail.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIshushmail$
R$* hushmail.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsmicrosoft$
R$* microsoft.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsmailru$
R$* mail.ru $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsmindspring$
R$* mindspring.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsmsn$
R$* msn.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsnetcom$
R$* netcom.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsHotbot$
R$* hotbot.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsJuno$
R$* juno.com $*^I$@ OK$
R$* untd.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsjulianhaight$
R$* julianhaight.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIstravelocity$
R$* travelocity.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsusa$
R$* usa.net $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsuol$
R$* uol.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsuwaterloo$
R$* uwaterloo.ca $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SIsweave$
R$* weave.com $*^I$@ OK$
R$* ^I$#error $: "550 Access Denied. Forgeries are disallowed."$
$
SLocal_check_mail$
R$* 21cn.com $*^I$: $>Is21cn $&{client_name}$
R$* aol.com $*^I$: $>IsAol $&{client_name}$
R$* att.net $*^I$: $>Isattnet $&{client_name}$
R$* bigmailbox.com $*^I$: $>Isbigmailbox $&{client_name}$
R$* concentric.com $*^I$: $>Isconcentric $&{client_name}$
R$* consultant.com $*^I$: $>Isconsultant $&{client_name}$
R$* earthlink.net $*^I$: $>Isearthlink $&{client_name}$
R$* earthlink.com $*^I$: $>Isearthlinkcom $&{client_name}$
R$* email.com $*^I$: $>Isemail $&{client_name}$
R$* excite.com $*^I$: $>Isexcite $&{client_name}$
R$* yahoo.com $*^I$: $>IsYahoo $&{client_name}$
R$* juno.com $*^I$: $>IsJuno $&{client_name}$

R$* hotmail.com $*^I$: $>IsHotmail $&{client_name} $&{client_addr}$
R$* hushmail.com $*^I$: $>Ishushmail $&{client_name} $&{client_addr}$
R$* hotbot.com $*^I$: $>IsHotbot $&{client_name} $&{client_addr}$
R$* mail.ru $*^I$: $>Ismailru $&{client_name} $&{client_addr}$
R$* mindspring.com $*^I$: $>Ismindspring $&{client_name} $&{client_addr}$
R$* msn.com $*^I$: $>Ismsn $&{client_name} $&{client_addr}$
R$* microsoft.com $*^I$: $>Ismicrosoft $&{client_name} $&{client_addr}$
R$* netcom.com $*^I$: $>Isnetcom $&{client_name} $&{client_addr}$
R$* julianhaight.com $*^I$: $>Isjulianhaight $&{client_name} $&{client_addr}$
R$* travelocity.com $*^I$: $>Istravelocity $&{client_name} $&{client_addr}$
R$* usa.net $*^I$: $>Isusa $&{client_name} $&{client_addr}$
R$* uol.com $*^I$: $>Isuol $&{client_name} $&{client_addr}$
R$* uwaterloo.ca $*^I$: $>Isuwaterloo $&{client_name} $&{client_addr}$
R$* weave.com $*^I$: $>Isweave $&{client_name} $&{client_addr}$



Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Mick Kearney
Advisor

Re: Blocking messages by title.....or part of

Kathleen,

you could use the Routing rules within Openmail to delete the mails.

You should be able to find details here:
http://www.openmail.com/cyc/om/00/100-1330.dir/DOCS/TRG.PDF