Hi
I guess you have noticed the new image spam embedded in PDF files.
Fortunately, that makes very small PDF, and I never got any valid
< 25k PDF file in my mailbox.
So here is a handly rule you may want to experiment:
dacl blacklist body /^Content-Type: application.pdf/ \
msgsize <= 25000 \
msg "Sorry, we do not accept tiny PDF files"
In fact that's a simplifed version: I use it with a enable flag pulled
from a LDAP directory. Only users that have opted in for this filter
benefit from it. They have a web form with a checkbox for toggling it
on or off.
urlcheck "userpref" "ldap://localhost/dc=example,dc=net?milterGreylistStatus,netExampleNoSmallPDF?mail=%r" 5 getprop clear fork
racl greylist rcpt /example\.net/ urlcheck "userpref"
dacl blacklist body /^Content-Type: application.pdf/ \
msgsize <= 25000 \
$netExampleNoSmallPDF "TRUE" \
rcptcount == 1 \
msg "Sorry, recipient does not accept tiny PDF files"
That's with milter-greylist 4.0a6
--
Emmanuel Dreyfus
manu@...Message
Image SPAM embedded in PDF
2007-07-04 by Emmanuel Dreyfus