Hi,
I am also doing some blocking by using these sendmail check_* rules,
the problem is that many times the spammer sites bounce their mail
off of other non-spammer sites, or have other identifying header lines
which are not checked with the current sendmail check_* rules, but which
I can very reliably catch with procmail.
Many spams have an "X-UIDL:" header, while no legitimate mail should
ever have this line, so it sure would be nice to be able to block all
mail with "X-UIDL:" in the headers. (Stupid spamming software uses this
to try to get around certain mail-reader filter programs.)
"X-Advertisement: Visit http://www.iemmc.org"; is also a sure giveaway,
as are any "Received:" lines with cyberpromo in them, etc....
See my other note about this. Hope it's clearer.
-Mark
----- Forwarded message from Chris D. Halverson -----
From cdh(_at_)kirk(_dot_)CompleteIS(_dot_)com Fri Aug 1 16:36:54 1997
From: cdh(_at_)CompleteIS(_dot_)com (Chris D. Halverson)
Date: 01 Aug 1997 15:36:37 -0500
In-Reply-To: "Mark G. Thomas"'s message of "Fri, 1 Aug 1997 15:28:05 -0400
(EDT)"
"Mark G. Thomas" <Mark(_at_)Misty(_dot_)com> writes:
The offending line in the procmailrc file is:
BLOCKDOM=`cat /etc/local/mail/DeniedNames`
Is there some way I can easily increase this value that procmail uses to
determine "Excessive output"?
If you're doing this system wide, you should probably use sendmail to
block them. See:
http://www.sendmail.org/antispam.html
This will prevent it from ever being on your system at all, even if
it's just for rejection.
Chris
--
Chris D. Halverson Complete Internet Solutions
PGP mail accepted, finger for public key http://www.CompleteIS.com/~cdh/
----- End of forwarded message from Chris D. Halverson -----
--
Mark G. Thomas (Mark(_at_)Misty(_dot_)com -- http://www.misty.com/)