> > Another solution is to place all of the regexps into a file (for
> > example, called "spamsters"), and use an egrep against the possible
> > source addresses:
> >
> > :0:spamsters.lock
> > * ? formail -xFrom -xFrom: -xReply-To: -xSender | \
> > egrep -s -f spamsters
> > | $FLUSHFILTER $LIST > /dev/null
> >
> > The "formail" pulls out the possible source addresses, and the patterns
> > in the "spamsters" file are matched against the addresses. If the egrep
> > succeeds, then FLUSHFILTER is run.
> >
> > This has the advantage that a spamster address occurring on any of the
> > source mail fields in the mail can trigger a match, and not just
> > the From or From: headers.
>
> This has one problem. It doesn't allow for the many spammers who aren't
> above forgery.

You are quite welcome to keep using your original recipes; I don't
care. I was responding to the problem you were having with overly
long regexps which were exceeding LINEBUF.

However, your original recipe has the same problem. The *effective*
changes I made between your original recipe and the one above were:

* all of the regexps exist in a file
* additional sources of addresses were used, instead of just the "From*"
  headers

What you are describing now is a different problem.

ANYTHING can be forged in ANY email. Only by sending email through a
well-configured mailer do we get some semblance of tracking with
"Received" headers. Unfortunately, the Received: headers are not
standardly formatted, and extracting an address programmatically is
difficult. However, they also can be used for pattern matching:

:0:spamsters.lock
* ? formail -xFrom -xFrom: -xReply-To: -xSender -XReceived: | \
egrep -s -f spamsters
| $FLUSHFILTER $LIST > /dev/null

will also check the Received: headers for a spamster address.

> Cyberpromo was extremely bad when it came to filtering due to the MANY
> domains mail could have come from.
>
> But a recipe like this handles all of their garbage for me, without losing
> anything I ever found of importance.
>
> :0
> *(cyberpromo|interramp|moneyworld)
> *!^Subject:.*(cyberpromo|interramp|moneyworld)
> /dev/null
>
> Allows me to receive mail discussing the twits, while dropping the twits
> rather effectively.

This is not entirely true. Your recipe above would toss mail with the following
headers:

From: Joe (The Anti-Cyberpromo King) <joe(_at_)coolsite(_dot_)com>
To: anti-cyberpromo-list(_at_)coolsite(_dot_)com
Cc: anti-spammers(_at_)hotsite(_dot_)org
Subject: Let's Stamp Out Spammers!

The trouble with trashing mail is that, since you have no feedback, you don't
know how badly the filter is failing.

G'luck.

Alan
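
Added example (not part of Alan's message or the thread): a shell sketch that emulates the two conditions of the quoted /dev/null recipe with case-insensitive grep -E, the way procmail applies them to the header by default, and runs it over the headers listed above. The function names and the second sample message are constructed for illustration; folded (multi-line) header fields are not handled.

```shell
#!/bin/sh
# Emulation of the quoted recipe's conditions, so a filter can be dry-run
# against sample headers before it is pointed at /dev/null.
PATTERN='(cyberpromo|interramp|moneyworld)'

# would_drop HEADERS: returns 0 when both recipe conditions hold.
would_drop() {
    # Condition 1: the pattern occurs anywhere in the header block.
    printf '%s\n' "$1" | grep -Eiq "$PATTERN" || return 1
    # Condition 2 (negated with "!"): the Subject: line must NOT contain it.
    if printf '%s\n' "$1" | grep -Eiq "^Subject:.*$PATTERN"; then
        return 1
    fi
    return 0
}

# matching_fields HEADERS: names of the header fields that satisfied condition 1.
matching_fields() {
    printf '%s\n' "$1" | grep -Ei "$PATTERN" | cut -d: -f1 | paste -s -d ' ' -
}

# Headers taken from the message above.
ANTI="From: Joe (The Anti-Cyberpromo King) <joe(_at_)coolsite(_dot_)com>
To: anti-cyberpromo-list(_at_)coolsite(_dot_)com
Cc: anti-spammers(_at_)hotsite(_dot_)org
Subject: Let's Stamp Out Spammers!"

# Constructed sample: the pattern appears in the Subject, so condition 2 spares it.
DISCUSS="From: joe(_at_)coolsite(_dot_)com
To: you(_at_)example(_dot_)org
Subject: Re: cyberpromo blocking"

# report LABEL HEADERS: prints the verdict and, for drops, the fields that matched.
report() {
    if would_drop "$2"; then
        echo "$1: dropped (pattern matched in: $(matching_fields "$2"))"
    else
        echo "$1: kept"
    fi
}

report "anti-spam list mail" "$ANTI"
report "subject mentions pattern" "$DISCUSS"
```

Listing the fields that matched gives the feedback a /dev/null delivery never provides: here the drop is caused by the From: comment and the list address in To:, not by a spammer's address.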