Author Archives: Dave Warren (everything-mdaemon.com)

Image-only adult themed spam

Posted on by 1 Comment ↓

Lately there is a new batch of spam going out that tends to use adult themed subjects, but has no content in the body aside from a single image.

It has been reported that this SpamAssassin rule helps:

header __CTYPE_MULTIPART_MXD Content-Type =~ /multipart\/mixed/i
mimeheader __ANY_TEXT_ATTACH Content-Type =~ /text\/\w+/i
meta MIME_IMAGE_ONLY (__CTYPE_MULTIPART_MXD && __ANY_IMAGE_ATTACH && !__ANY_TEXT_ATTACH)
score MIME_IMAGE_ONLY 2.00
describe MIME_IMAGE_ONLY Image body part but no text body parts

To use it, copy these five lines into the bottom of your \MDaemon\SpamAssassin\rules\local.cf file, then either restart MDaemon or create a mdspamd.sem file in the \MDaemon\App\ directory.

You may want to tweak the “Score”, but start with 2.0 as this rule hasn’t been aggressively tested so there is a higher risk of false positives then with the default SpamAssassin rules.

Lastly, it’s also worth mentioning that Outbreak Protection (part of SecurityPlus 4 and higher) is flagging these messages as spam.

UPDATE 2009/05/19: The above rule only works in MDaemon 10 and higher, for earlier versions, you’ll need one more line:

mimeheader __ANY_IMAGE_ATTACH Content-Type =~ /image\/(?:gif|jpeg|png)/
(Thanks goes to “Greg Vancardo” for tracking this one down)

Spam Filter responding slowly

Posted on by No Comments ↓

Recently “DSBL”, one of the DNSBLs used in SpamAssassin, changed their DNS to point to an unrouteable IP.

The lookup is still in the SA 3.24 rules MDaemon uses. If you have DNS service available set to Yes or Test, that might be slowing down SA processing. Try adding the following line to your \MDaemon\SpamAssassin\rules\local.cf file.

score RCVD_IN_DSBL 0

Once this is done, open a command prompt and type the following command to reload your SpamAssassin rules, and/or restart MDaemon;

echo. > C:\MDaemon\App\mdspamd.sem

Threading messages in Thunderbird

Posted on by No Comments ↓

One of my favourite features in a mail client is Threading. This shows you all the messages in a folder that are related to one conversation in one place, similar to GoogleMail’s conversation view, but it actually more context with you have multiple related discussions going on at once.

Outlook Express has had it for years, as has Thunderbird, WorldClient recently added Threading support too. For OE and WorldClient, this setting is per-user, it applies to all folders in your profile, so it’s easy enough to toggle. However, Thunderbird stores the “thread” flag on a per folder basis though, which is always a pain when setting up a new computer since I’ve got hundreds of folders and want every one of them threaded. After literally years of searching, I stumbled across a way to accomplish this goal.

Find your Thunderbird profile, create a file called “user.js” and edit it in notepad. Take care to not end up with “user.js.txt” as that won’t work. Inside the file, add these lines:

# Mozilla User Preferences

user_pref(“mail.check_all_imap_folders_for_new”, true);
user_pref(“mailnews.default_sort_order”, 22);
user_pref(“mailnews.default_sort_type”, 1);
user_pref(“mailnews.default_view_flags”, 1);
user_pref(“mailnews.headers.showSender”, true);
user_pref(“mailnews.headers.showUserAgent”, true);

Restart Thunderbird, and now any newly created folders will automatically have threading enabled, oldest threads first. If you want newest threads first, change “default_sort_type” to 2.

I got this clue from Thunderbird’s bugzilla bug #86845 and thought I’d share it here since I’m sure I’m not the only one who has wanted this.

So what if you want to make all your current folders thread automatically without going folder by folder? If you use IMAP, you’re in luck, shut down Thunderbird, look for the \ImapMail\ subdirectory and rename or delete it. This will cause Thunderbird to forget everything it knows about all folders, reloading them as new, and redownload all content (which doesn’t take long since it just downloads headers, messages aren’t downloaded until they’re accessed).