Request for comments

UxBoD uxbod at splatnix.net
Thu Jul 19 20:36:11 IST 2007


Why not just write an SA rule based on the subject? Just thinking aloud.
----- Original Message -----
From: "Steven Andrews" <sandrews at andrewscompanies.com>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Thursday, July 19, 2007 8:19:33 PM (GMT) Europe/London
Subject: RE: Request for comments

Blacklist by subject comes to mind...or is there already a better way to
do this? 

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of UxBoD
Sent: Thursday, July 19, 2007 2:47 PM
To: MailScanner discussion
Subject: Re: Request for comments

Personally I do not see the apparent benefit Jules.
----- Original Message -----
From: "Julian Field" <MailScanner at ecs.soton.ac.uk>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Thursday, July 19, 2007 6:42:03 PM (GMT) Europe/London
Subject: Request for comments

I am wondering if it would help if I added "Subject" to the list of
things you could use in rulesets.

Would it be useful?

You would only be able to match against exact strings or regular
expressions, and I'm not quite sure how I would parse it in the ruleset
files. Exact strings would be in double-quotes, with '"' characters in
the string doubled up as a means of escaping them. How I would find the
end of a regular expression is another matter. I guess it would be
surrounded with '/' characters, and I would look for the first '/' that
wasn't preceded by a '\'.

I would have to allow the 'i' on the end of a regexp match at least. 
Matching against a quoted exact string would be a substring match.

It would be available just about anywhere you can use a ruleset, as I
read the subject line near the point where I read the from and to
addresses from the envelope.

Multiple "Subject:" lines would be handled by adding them all together
with a \n newline between each one.

Your comments please....

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk



--
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
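
The pattern syntax proposed in the original message above, sketched as an added example; it is not part of the thread and not MailScanner code (MailScanner is Perl, and Python's re module stands in for Perl regexps here). The function names and sample subjects are constructed, and case-sensitive substring matching and an 'i' flag directly after the closing '/' are assumptions. The scanner tracks backslash escapes instead of checking only the preceding character, so a regexp that ends in an escaped backslash still terminates, which goes slightly beyond the rule as posted.

```python
import re

def parse_subject_pattern(text):
    """Parse one pattern at the start of text.

    Returns (kind, pattern, ignore_case, rest); kind is "exact" or "regex".
    """
    if text.startswith('"'):
        out, i = [], 1
        while i < len(text):
            if text[i] != '"':
                out.append(text[i])
                i += 1
            elif text[i + 1:i + 2] == '"':      # doubled "" is one literal quote
                out.append('"')
                i += 2
            else:                                # lone quote closes the string
                return "exact", "".join(out), False, text[i + 1:]
        raise ValueError("unterminated quoted string")
    if text.startswith("/"):
        i = 1
        while i < len(text):
            if text[i] == "\\":                  # skip the escaped character, so
                i += 2                           # "\/" is kept and "\\/" still ends
            elif text[i] == "/":
                rest = text[i + 1:]
                ignore_case = rest.startswith("i")   # assumed flag position
                return "regex", text[1:i], ignore_case, rest[1:] if ignore_case else rest
            else:
                i += 1
        raise ValueError("unterminated regular expression")
    raise ValueError("pattern must start with '\"' or '/'")

def subject_matches(pattern_text, subject_lines):
    """Test a pattern against all Subject: header values of one message."""
    kind, pattern, ignore_case, _ = parse_subject_pattern(pattern_text)
    subject = "\n".join(subject_lines)           # multiple headers joined by \n
    if kind == "exact":
        return pattern in subject                # substring, case-sensitive (assumed)
    return re.search(pattern, subject, re.I if ignore_case else 0) is not None

if __name__ == "__main__":
    # Constructed sample subjects, not taken from the thread.
    print(subject_matches('"50% ""off"""', ['Get 50% "off" today']))
    print(subject_matches("/^re:.*invoice/i", ["RE: Overdue Invoice"]))
```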
