On Fri, 23 Aug 1996, athar shiraz siddiqui wrote:
I would be very interested in such a recipe as well.
I have an algorithm for defense against mail bombing but as I am newly
exposed to procmail I cannot code it.
This is the one that I put together after posting about it here (thanks
to all who helped, BTW). It will go through and dump any messages that
aren't on maillists that you already subscribe to, and it will keep the
welcome messages that usually have unsubscribe info in them. The only
problem with it is that you can rarely put the info for all the people
who might be writing to you into the recipe, so a message or two will
probably get lost when you use it.
# noflood - email bomb blocker
* ! ^From:.*(postmaster|Mailer|listproc|majordomo|listserv)
# this line will keep the recipe from deleting Subscribe messages
* ! ^TO(mailing|lists|and|addresses|of|people|you|know|go|here)
Concept: The bomber can use (1) mailing lists or (2) he can use a script
to send you say a thousand messages in a day. We have a solution ( prob.
code too ) for (1) .
But for (2).. we could
(A) Log the senders and ban the account that sends more than say 10
messgs. in one hour or one day .Or better begin counter measures ....like
bouncing back mail and sending all man pages.
Hmm...I suppose that (A) might be possible, but I don't have the slightest
idea how to do it.
(B) Also we could check the size of the Inbox and remove excess mail, as
it comes in, because if the bomber is a fellow procmail usr he can easily
fake the FROM: field.
As I understand it, Procmail deals with the messages *before* they get to
your mailbox, so removing the mail after it has been delivered would
probably require doing it manually. The key is to take care of it before
it reaches your inbox.
I think B is more feasible and less taxing.
is there a way of doing this ?
A. Shiraz Siddiqui
zachb(_at_)netcom(_dot_)com <----- finger for PGP public key