procmail

Another good one for your Procmail spam filter

1997-04-04 19:36:00
As more and more spam comes heavily forged, may I suggest you add this
one to your arsenal of spam filter recipes:

:0
* ^From:.*$Received:
{
    LOG="spamreject: Received: after From:
"
    :0:
    spam
}

This will catch any mail message which has a Received: header after
the From: header, as has been typical in recent spams. 

The above will issue a warning to your Procmail log file and save the
message in a folder called "spam" instead of in your inbox. For a
stripped-down version which doesn't do any extra logging and just
ditches any matching messages, try the following: 

:0
* ^From:.*$Received:
/dev/null

I would not recommend using this latter version unless you know what
you are doing. It is perfectly legitimate for a message to have the
header fields in any order whatsoever, but this particular pattern has
been characteristic of much spam lately. 
  For the adventurous, you could use Procmail's scoring feature to
construct some sort of heuristic -- such as, if the above matches
+and+ the message is addressed to an AOL address, or if the Subject
contains only the word "Hi" and maybe a smiley ...

In the long run, I'm sure this will only lead the spammers to try to
find different means to forge their messages, but in the interim, this
should at least protect you against those spammers who are slow to
catch up. 

Well, hope this helps. 

/* era */

-- 
Defin-i-t-e-ly. Sep-a-r-a-te. Gram-m-a-r.  <http://www.iki.fi/~era/>
 * Enjoy receiving spam? Register at <http://www.iki.fi/~era/spam.html>
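
The scoring idea suggested in the message, as an added example that is not part of the original post: a Python prototype for trying the combined heuristic on saved messages before committing it to a .procmailrc. The weights, the 100-point threshold, the function names and the sample messages are assumptions, and "after" is read here as a Received: field anywhere below the first From: field.

```python
import re
from email import message_from_string

# Assumed weights and threshold, chosen for illustration (not from the post).
WEIGHTS = {"received_after_from": 60, "aol_recipient": 60, "subject_hi": 60}
THRESHOLD = 100

# Constructed sample messages (not real mail).
FORGED = ("From: offers@example.com\nReceived: from x.example by y.example\n"
          "To: someone@aol.com\nSubject: Hi :-)\n\nbody\n")
ODD_ORDER = ("From: list@example.org\nReceived: from a.example by b.example\n"
             "To: me@example.net\nSubject: Meeting minutes\n\nbody\n")
NORMAL = ("Received: from mx.example.org by mail.example.net\n"
          "From: friend@example.org\nTo: me@example.net\nSubject: Hi\n\nbody\n")

def received_after_from(msg):
    """True if a Received: field appears below the first From: field."""
    names = [name.lower() for name in msg.keys()]  # fields in message order
    if "from" not in names:
        return False
    return "received" in names[names.index("from") + 1:]

def spam_signals(raw):
    """Return the set of heuristic names that fire for one raw message."""
    msg = message_from_string(raw)
    signals = set()
    if received_after_from(msg):
        signals.add("received_after_from")
    recipients = " ".join(msg.get_all("To", []) + msg.get_all("Cc", []))
    if re.search(r"@aol\.com\b", recipients, re.I):
        signals.add("aol_recipient")
    # Subject that is only "Hi", optionally followed by a simple smiley.
    if re.fullmatch(r"\s*hi\s*(?:[:;]-?[)D])?\s*", msg.get("Subject", ""), re.I):
        signals.add("subject_hi")
    return signals

def score(raw):
    return sum(WEIGHTS[name] for name in spam_signals(raw))

def is_spam(raw):
    # One signal alone (60) stays below the threshold; two or more exceed it.
    return score(raw) >= THRESHOLD

if __name__ == "__main__":
    for label, raw in (("FORGED", FORGED), ("ODD_ORDER", ODD_ORDER), ("NORMAL", NORMAL)):
        print(label, score(raw), sorted(spam_signals(raw)), is_spam(raw))
```

Because no single signal reaches the threshold, a legitimate message whose fields merely arrive in an unusual order is still delivered.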