fleet(_at_)teachout(_dot_)org wrote:
On Mon, 17 Feb 2003 dman(_at_)nomotek(_dot_)com wrote:

    formail -ds procmail ~/spamtest/test.rc < ~/Mail/backup.1

I suspect the -d is what's messing you up.

BINGO. Removing the -d flag got rid of all the 0 hits.

Good.

How many people who use Outlook (and not
also Exchange, which would show up in the headers as well if it were
there) have direct pipelines to incoming SMTP servers at
your upstream provider?

And just how do you get procmail to determine that it is significant
that the X-Mailer is Outlook without Exchange, and that the
message was inserted into the system without benefit of an ISP?
(And, since I don't send my mail through an ISP, my messages
probably get looked at with a jaundiced eye!) :)

Jesus, but you want all my crown-jewel secrets, don't you. :)

:0 # 030211 () RCVD_COUNT shouldn't be low for home-style mail clients
* $ ^X-Mailer:(.*\<)?$HOME_MUA
* $ LOCALSOURCE ?? $FALSE
* $ -1^0 MYTAG ?? $TRUE
* 1^0 ! domKEY ?? ^^(ccc|panx)^^
* 1^0 domKEY ?? ^^bofh^^
* $ $RC_THRESHOLD^0
* $ -$RCVD_COUNT^0
{ RX = "${RX:+$RX, }UBE.XM.NONBULK+PIPELINED" }
Catches between 15% and 25% of all my spam with
no false pozzes. The $domKEY thing essentially
adjusts the length of the threshold for a couple
of odd domains that are forwarded to my main host
via different means (meaning Received count
differs from my norm). Currently: 22 of last 100
spam messages were caught by the above.
3:30pm [~/Mail] 417[1]> distro | sed -n '1,/PIPE/p'
Finding distribution for "^X-Recipe-ID: " within
selected file(s) (default: [*])
51 UBE.ID.FAKE
41 UBE.TRUST<LOWEST
41 UBE.VH.!HOTHOO
35 UBE.RC.LOW_COUNT+TO.!ME+TRUST<HIGH
33 UBE.SJ.END+(SPACEY|NUMS|NOVOWELS)
32 UBE.OH.RETROFIT-MUA
28 UBE.DT.BOGUS
23 UBE.ID.MYUPSTREAM
22 UBE.XM.NONBULK+PIPELINED
What's in $HOME_MUA are just a half-dozen obviously home-style
mailer names culled from my recent mail. Putting that together
took about five or ten minutes. I could add lots more, but
don't bother. I go with what the spammers forge most often.
$RC_THRESHOLD is the number 3 at present. If my mail headers
change with software or system upgrades or changes, I can
change the number. (I did that once recently.)
Oh, and:
TRUE = . # normalize Boolean nomenclature
FALSE = ^^^^ # ditto
You maintain a list of X-Mailers? Categorized?

Occasionally I run

    sed -n '1,/^$/{ /^X-Mailer:/p; }'

on my archived recent spam and good mail and save the results to
different respective files. Then "sort -u" on the result. Then,
from the two files,

    comm -23 baddies goodies

shows me the ones only the spammers used recently in my mail.
I'm not manic about this. I do it when I'm bored and think my
list needs to be updated. The files currently are 46 and 37
lines long, respectively. I could put this all in a script,
but haven't even bothered to do that yet.

This is an area I need to work on. Your example recipes will
be helpful!

I ain't gonna spill 'em all at once. Buy the book! :) :-)

Dallman
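
The X-Mailer comparison described in the message (extract the headers, sort -u, then comm -23), as an added shell example that is not the poster's own script. It generalizes the single-message sed range to whole mbox archives; the function names and the sample mailer strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: list X-Mailer values that appear only in the spam archive.
# Assumes mbox-format archives; all names here are hypothetical.

# Print the unique X-Mailer values found in message headers (not bodies).
xmailers() {
    awk '
        /^From / { inhdr = 1; next }   # mbox separator: a header block starts
        /^$/     { inhdr = 0; next }   # first blank line: the headers are over
        inhdr && /^[Xx]-[Mm]ailer:/ {
            sub(/^[^:]*:[ \t]*/, "")   # strip the field name
            sub(/[ \t\r]+$/, "")       # strip trailing blanks and CR
            if ($0 != "") print
        }
    ' "$1" | LC_ALL=C sort -u          # same collation that comm will use
}

# spam_only_mailers SPAM_MBOX GOOD_MBOX -> mailers never seen in good mail
spam_only_mailers() {
    tmp=$(mktemp -d) || return 1
    xmailers "$1" > "$tmp/baddies"
    xmailers "$2" > "$tmp/goodies"
    LC_ALL=C comm -23 "$tmp/baddies" "$tmp/goodies"
    rm -rf "$tmp"
}

# Constructed sample archives: one bulk-only mailer, one mailer shared with
# good mail, and an X-Mailer line in a message body that must be ignored.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'From a@example.invalid Mon Feb 17 00:00:00 2003' \
        'X-Mailer: Example Bulk Sender 1.2' 'Subject: one' '' \
        'X-Mailer: Body Decoy 9.9' '' \
        'From b@example.invalid Mon Feb 17 00:00:01 2003' \
        'x-mailer: Example Home Mailer 5.0' '' 'hi' > "$d/spam"
    printf '%s\n' 'From c@example.invalid Mon Feb 17 00:00:02 2003' \
        'X-Mailer: Example Home Mailer 5.0' '' 'hello' > "$d/good"
    spam_only_mailers "$d/spam" "$d/good"
    rm -rf "$d"
}

case $# in
    2) spam_only_mailers "$1" "$2" ;;  # real archives given on the command line
    *) demo ;;                         # otherwise run on the constructed sample
esac
```

The output is a candidate list only: a mailer name absent from recent good mail can still belong to a legitimate sender, so review it before adding names to a variable such as $HOME_MUA.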