procmail
[Top] [All Lists]

Re: Another good one for your Procmail spam filter

1997-04-12 19:42:00
At 05:18 AM 4/5/97 +0300, era eriksson wrote:
As more and more spam comes heavily forged, may I suggest you add this
one to your arsenal of spam filter recipes:

:0
* ^From:.*$Received:
{
   LOG="spamreject: Received: after From:
"
   :0:
   spam
}

This will catch any mail message which has a Received: header after
the From: header, as has been typical in recent spams.

Going back to the *original* post on this lengthy thread  :)  :

This occurs when mail is sent without a From: header, frequently
omitted by spammers, but sometimes otherwise, probably unintended.

The "From:" you see is likely added while storing the mail by the
MDA, made from a "best guess" (the SMTP MAIL FROM).  The purpose is
undoubtedly to pacify some of the stupider mail clients which won't
work right in the absence of From:.

The added From: appears above any Received: headers added en route
to the destination, but below the final delivery one (in my experience).

I'd recommend using this test with caution, since the condition can
occur with broken software on the non-spamming-sender's side.

Cheers,
Stan

<Prev in Thread] Current Thread [Next in Thread>