Problem with Subject: header check



I currently have a "working" subject phrase block in place on my
sendmail (v8.12.10) using the following setup:

F{NSubj}/etc/mail/BlockedSubjects // externally maintained map file of
rejected subject "phrases"
HSubject: $>+CheckSubject

With the following hook in the "check_mail" rule set to check the
Subject: header

R$* $: $1 $| $>"CheckSubject" $1

SCheckSubject
R$*$={NSubj}$* $#error $@ 5.7.1 $: "550 Delivery not authorized, spam
refused"


Note: I have several other hooks in this section for blocking certain
IP addresses, Domain Names, e-mail addresses, etc., but the above check
is the "last" one performed before processing "falls thru" to
sendmail's normal routines for handling incoming messages. So far this
setup has worked perfectly to blocking messages containing certain
specific phases in the subject line!

However, within the past few weeks we've started receiving spam where
the Subject: line is an e-mail address instead of a normal subject
(specifically the "same" address the spam is being sent to.) I
figured, no problem, I'll just add all our e-mail addresses to my
subject phrase map file and such messages would be blocked. However, I
ran into a problem when I did this!

Any e-mail address I add to the map file also causes a rejection if the
message originates from or is addressed to that particular address! By
changing the wording of the rejection message, I was able to verified
the rejection was actually occurring in the SCheckSubject routine and
not any of my other checks (none of which use that particular map file
anyway), so I added the following to the SCheckSubject routine thinking
my problem might be in the map file itself.

D{MPat}my.email@address
R${MPat}$* $#error $@ 5.7.1 $: "550 Delivery not authorized, spam
refused"

However, it still rejections the incoming message if the address being
checked for is in the From: or To: fields of the header. Obviously the
subject check I'm using (which is shown as an example all over the web
of how to check the Subject: field of the headers) isn't checking
"just" the subject line of the header but the "whole header!" BTW, I
"did" try changing my header rule setup to HSubject: $>CheckSubject
thinking the problem was something in the additonal info $>+ passes
back in the returned value but that didn't help.

So, does anyone know how to set up a header check that will return
"only" the contents of the Subject: field of the header?

Thanks for your time,
Big Al

.



Relevant Pages

  • Re: arXiv endorsement request
    ... >> Please submit this to the journal of pencil shavings and donkey lungs. ... > Eddie obviously could not follow that phrase, ... > misdiagnosis and rejection. ...
    (sci.physics)
  • Re: arXiv endorsement request
    ... >> Please submit this to the journal of pencil shavings and donkey lungs. ... > Eddie obviously could not follow that phrase, ... > misdiagnosis and rejection. ...
    (sci.physics.relativity)
  • Who is the Imposter?
    ... I just received a notice of rejection for a post I never never wrote, ... attributed to "The Golem from Schmolem" with a misspelled ... subject header, no less. ...
    (soc.culture.jewish.moderated)
  • Re: 554 5.4.6 Too many hops
    ... suddenly my e-mails stop to pass. ... Now I receive rejection for every my ... Which provider should correct this state - my or my ... The oldest "Received:" header is at the bottom. ...
    (microsoft.public.exchange.admin)
  • Re: Happiness is a Warm Pen: the Beatles peer & contemporary
    ... prominent influences, that is, ... offered a similar theory about the phrase "4th time around." ... Bob Dylan's trash represents his rejection of the military-industrial ... or else his embrace of same, ...
    (rec.music.beatles)