Tuesday, 6. July 2004
PermaLink Hacking those mail rules again
A rather nasty turn of events over the past day or two has led me to look again at a spam countermeasure I have contemplated in the past.

The turn of events has been the arrival of a significant quantity of spam advertising child pornography and containing in-line images. Some of these spams have hit spam traps, but others have actually hit real users.

The spam countermeasure I have deployed as a result of this involves a further development of Daniel Koffler's excellent DominoPower article, "Hacking Domino mail rules to fight spam".

I noticed that all of these spams had something in common, specifically they all use the same mailer (recorded in the MIME as X-Mailer and as a Notes field $Mailer). A simple development of the process outlined in Daniel's article permits the creation of server mail rules like:

When Mailer contains Spam Blaster pro move to database spamtrap.nsf

I do not intend to give any more details here of the specific spams I am trying to stop or the mailer purported to have been used to send them. I may however offer the tweak as a modified Domino Directory template for you to download - if you want it...

Category: Domino: Administration
Technorati:

Comments :

1. Richard Schwartz11/07/2004 17:11:43
Homepage: http://smokey.rhs.com/web/blog/rhs.nsf


Chris,

I'm going to suggest that you try to remember to delete these rules before you do an upgrade to Domino 7, or at least do the upgrade on a test NAB and carefully examine the rules afterward. Daniel's technique is indeed quite useful, but it does carry some risk of conflicting with changes to the rules code in future releases. What I most specifically worry about is the possibility that the rules UI will show you one thing, but the rule will actually do another. I've talked with the Lotus developers who work on rules and other antii-spam measures, and while they won't come right out and say it, I believe that they agree with me on both counts: the hack is great and it works, but that there's potential for problems during or after upgrades.

-rich

-rich



2. Chris Linfoot11/07/2004 17:40:47


Thanks for suggestion. Actually this is what I do as part of every upgrade anyway. A bit of a nuisance but the rules are simply too useful to do without.

Of course, the Lotus guys could always make them part of the standard build. Rules that act on HELO, X-Mailer or other headers are standard in many other MTAs...



Unable to post a comment? Please read this for a possible explanation...
Add Manual Trackback
Please enter the details of the trackback post. Your trackback will not appear on the site until it has been verified. This won't be immediate, as trackbacks are validated on a scheduled basis. Be patient.











Search
Popular Categories
Blogs
Coffee and Cats
Computing Systems Fundamentals
DNSBLs
Domino Administration
Domino Whitelist
Dumb and Dumber
Flickr
IPv6
SMTP AUTH
Show n Tell
Software
Spam
Spam Statistics
T'Internet
Trunk Monkeys
Viruses and Worms
Wallace and Gromit
Whitelisting
Wii
Monthly Archive
2008
2008
2008
2008
2008
2008
Full Archive
Other stuff
Anti-Spam Tools
Misc Links
Land banking information
ClustrMaps
Locations of visitors to this page
Meta
Proudly powered by IBM Lotus Domino 8 Proudly powered by IBM Lotus Domino 8

Subscribe to articles Subscribe to articles feed

Subscribe to comments Subscribe to comments feed

ROR info ROR info

Like what I do?
Then please consider a donation to support the work of Research Autism.

Idea Jam
Planet Lotus
Contact Me
email - Chris Linfoot