The Sanitizer works through procmail not sendmail so if you can use procmail rules with qmail you should be able to use the Sanitizer. If you need help try on the Sanitizer mailing list the author reads and regularly responds to questions on there and if he doesn't know one of the many administrators on the list should.
It marks certain tags as defanged.
From one email
<DEFANGED_script language="JavaScript">
<DEFANGED_meta name="description" content="The Web Developer's Resource">
<DEFANGED_script>
<!-- <DEFANGED_STYLE type="text/css">
<DEFANGED_META HTTP-EQUIV="refresh" content="600; url=/webmonkey/">
<DEFANGED_script src='
http://ln.doubleclick.net/adj/wm.ln/google;pos=1;sz=728x90;tile=1;!category=adult;ord=1015024872?'></script>
From another
<DEFANGED_meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<DEFANGED_link rel="StyleSheet" href="
http://www.cnn.com/virtual/2001/style/main.css" type="text/css">
<!-- <DEFANGED_STYLE type="text/css">
for the web bugs specifically from the html-trap.procmail file
if ($ENV{"DEFANG_WEBBUGS"}) { #\
s/<IMG/<DEFANGED_IMG/gi; #\
s/<BGSOUND/<DEFANGED_BGSOUND/gi; #\
if (/<BODY\s/i) { #\
s/\sBACKGROUND\s*=\s*/ DEFANGED_BACKGROUND=/gi; #\
} #\
} #\
and from the configuration page
DEFANG_WEBBUGS: Disable inline images and sounds.
"Web bugs" are small images (typically only one pixel in size) that are used to track an email message. Identifying information is included in the image URL, and when an HTML-enabled mail program attempts to display the message the location of the message can be tracked (since the mail client will attempt to retrieve the image from the web server given in the webbug URL) and logged.
One common use for this is to determine whether or not a SPAM message has reached a real person, so that email addresses can be validated for future use by the spammer. Another is to track the propagation of a message as it is forwarded from person to person.
The same can be done using background sound files, and through image links embedded in Microsoft Office documents.
If you consider this a violation of your privacy, you can set DEFANG_WEBBUGS to any value and the sanitizer will defang all <IMAGE> and <BGSOUND> tags to prevent this. You can still retrieve the URL from the message body and decide whether or not you wish to view the image or hear the sound.
Unfortunately this will not strip webbugs from Office documents. In the future the sanitizer may scan for the presence of bugged documents and add a warning.
Example:
DEFANG_WEBBUGS=YES
----- Original Message -----
From: Ed BK
To: spamassassin-users@incubator.apache.org
Sent: Tuesday, March 02, 2004 11:37 PM
Subject: RE WEBUGS ARE SPAM
This is one of the biggest problems out there!!!, I'm amazed with all the good server wide programs out their not one has a simple option to strip html into just a harmless txt email message I have yet to find one (other then a sendmail related program called sanitizer unfortunatly I cant find one that works with qmail, the reason being outlook, I cant think of one ms email client that has a option to block html, having your ip taken is just a minor thing compared to having a web page or html email active script a virus into your computer. there are a lot of us that have no need at all for a html message in fact I consider all html messages (SPAM) If anyone has a way to set my rh9 qmail server up like sanitizer or strip all html messages into txt please post it here I run both SA and Qmail-scanner.
Ed
At 08:57 PM 3/2/2004, you wrote:
>Yeah, I just thought of that as well. I have SA configured to mangle
>spam sufficiently to prevent HTML mail, but lately enough spam has
been
>getting through that I might have been nailed by a webbug.
Of course, your e-mail client is set to not automatically display /
download HTML, RIGHT? ;)
Evan
------------------------------------------------------------------------------
Do you Yahoo!?
Yahoo! Search - Find what you're looking for faster.