So, to dump all mail coming from this new disservice, I should be able to
add the following recipe:
:0:
* ^Received:.*[^-a-z0-9]Cyber-Bomber([^-a-z0-9.]|$)
/dev/null
That works, but here's something even better:
Received: from ispam.net by sgiblab.sgi.com via ESMTP
^^^^^^^^^
The domains "ispam.com" and "ispam.net" is Cyberpromo's new ISP/spam
service. Filter the Received: headers for these strings, the netblock
205.199.212 (owned by Cyberpromo), anything with the strings
"bandwidth.partner", "bndwdth.prtnr", "bw.prtnr", "bw.partner", ".cpbw"
"cyberout" or "cyberpr", and anything with the domains acun.com,
answerme.com, tosguard.com, or zapback.com. This will get 99.99+%
of what Sanford Wallace is sending out through any of his machines right
now, although I filter for every known domain he has. :/
Here's the recipe I'd use for this:
# Cyberpromo/Spamford <GRRRRRR>
:0:
* ^Received:.*[^0-9a-zA-Z](ispam\.(com|net)|\
205\.199\.212|\
bandwidth\.partner|\
bndwdth\.prtnr|\
bw\.partner|\
bw\.prtnr|\
\.cpbw|\
cyberout|\
cyberpr|\
acun\.com|\
answerme\.com|\
tosguard\.com|\
zapback\.com)
* !^X-Loop: <yournoloop>
/dev/null
I autoreply and send complaints to every valid address I've got, though.
AGIS, their connectivity provider, deserves to have to deal with the
complaints, the sleazeballs. :(
--
Catherine Hampton <ariel(_at_)tempest(_dot_)boxmail(_dot_)com>