Sean wrote:
At 09:22 2005-05-24 -0500, Pettit, Paul wrote:
# extensions that we want to never see come through
:0
*^Content-type: (multipart/mixed|multipart/alternative|application)
This is going to check the HEADER, not the body -- you indicated what
content is in the BODY of an example message, but not what is
in the header...
The Content-type is in the header as far as I can tell but I'll double check
that.
:0 HB
*^Content-Disposition: (attachment|inline);
Well, here you expect a semicolon immediately after the keyword, while the
body has:
Content-Disposition: attachment
.exe %s\%s .zip ; name=" msdownload compressed
so right off, THAT isn't going to match.
Interesting. I didn't consider that. I'll remove the ';' and see if that
fixes it. One can only hope it's that simple.
The recipe is based on a very old one from the Moongroup list and that ';'
was in the original too.
Have you considered taking one of the failed messages and throwing it at
your recipe with VERBOSE=ON and then checking the logfile?
Yes, I've been running with VERBOSE=ON and logging since earlier today but I
have not gotten another spam like it yet to compare with.
*filename=".*\.(ad[ep]|asd|ba[st]|c[ho]m|cmd|cpl|crt|dbx|dll|exe|hlp|hta|in[fs]|isp|itms|jar|js|js[fe]|lnk|ocx|md[etw]|ms[cipt]|nws|ocx|ops|pcd|pi|pif|prf|reg|scf|scr|sct|sh[bms]|swf|uue|vb|vb[esx]|vxd|wab|ws[cfh])"
You didn't include anything from your example message indicating a filename
component...
My bad, I didn't state it concisely but I did note that 'When I forward the
message to myself the filter works perfect and I get the following:
"[demime 1.01e removed an attachment of type application/x-msdownload which
had a name of upgrade1327.exe]".' which implied the file was a .exe
executable. I should have been more clear.
but I'm not sure how accurate it is. When I forward the message to myself
the filter works perfect and I get the following: "[demime 1.01e removed an
Probably because your own mail software inserts the necessary headers you
expect to find but are not present on the original message.
If you expect reproducible results, you should take the saved message from
a mailbox on the server and pipe that back at the procmail script
(presuming the message in your inbox hasn't been otherwise modified by some
subsequent rule).
I'll try that but we don't save copies of emails on the server and it's a
POP3 server setup so I don't know I have one till I've downloaded it and
then it's not on the server anymore. I'll see about looking in the mbox
prior to retrieving the mail to see if one is in there.
---
Sean B. Straw / Professional Software Engineering
Thanks for the help.
Paul Pettit
CTO and IS Manager
Consistent Computer Bargains Inc.
I've heard it said that the proof of lunacy is when you repeat the same
steps expecting different results. I say it's proof that you're a Microsoft
user. - comment by deshi777 on experts-exchange.com
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
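
Added example (not part of the original thread, and not procmail or demime code): the semicolon-anchored line match discussed above next to a MIME-aware check, run over a constructed message whose Content-Disposition parameters sit on a folded continuation line. The function names, the shortened extension list and the sample message are assumptions; the attachment name and type are the ones quoted in the thread.

```python
import re
from email import message_from_string

# Line-oriented condition as posted in the thread: ';' must directly follow the keyword.
LINE_RE = re.compile(r"^Content-Disposition: (attachment|inline);", re.I | re.M)
# Shortened subset of the thread's extension list (assumption, for illustration).
BLOCKED = re.compile(r"\.(ba[st]|c[ho]m|cmd|cpl|dll|exe|hta|js|lnk|pif|reg|scr|vb[esx]?)$", re.I)

# Constructed sample message; the payload is a harmless placeholder.
SAMPLE = """\
From: sender@example.com
To: user@example.com
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please install the attached upgrade.
--b1
Content-Type: application/x-msdownload; name="upgrade1327.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment
\t; filename="upgrade1327.exe"

QUJDRA==
--b1--
"""

def line_regex_hits(raw):
    """True if the semicolon-anchored line regex matches anywhere in the raw text."""
    return bool(LINE_RE.search(raw))

def blocked_attachments(raw):
    """Return blocked file names found by walking the parsed MIME tree."""
    hits = []
    for part in message_from_string(raw).walk():
        # get_filename() reads filename= from Content-Disposition and falls
        # back to name= on Content-Type; folded header lines are handled.
        name = part.get_filename()
        if name and BLOCKED.search(name.strip()):
            hits.append(name.strip())
    return hits

if __name__ == "__main__":
    print("line regex matched:", line_regex_hits(SAMPLE))
    print("MIME walk found:", blocked_attachments(SAMPLE))
```

Saving a raw copy of a message that slipped through and feeding it to both functions shows whether the miss comes from header layout rather than from the extension list.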