procmail

Re: procmail: Re: procmail-d Digest V97 #297

1997-09-29 08:33:02
Jack Lyons <revjack(_at_)saltmine(_dot_)radix(_dot_)net> wrote:
: On Mon, 29 Sep 1997, Christopher Biow wrote:
: :This is my mail filter.
: This is my bozo filter.
: *plonk*

Now, now, don't be so hasty. Junking his email will not solve
any real purpose. You need to junk *all* mail filter autoreplies.
Let's see what we can find in his mail to help us.

From: Christopher Biow <biow(_at_)ai(_dot_)net>
Message-Id: <199709291129(_dot_)HAA17351(_at_)aries(_dot_)ai(_dot_)net>
Subject: Re: procmail-d Digest V97 #297
References: <199709291028(_dot_)MAA03445(_at_)Campino(_dot_)Informatik(_dot_)RWTH-Aachen(_dot_)DE>
In-Reply-To: <199709291028(_dot_)MAA03445(_at_)Campino(_dot_)Informatik(_dot_)RWTH-Aachen(_dot_)DE>

Standard 'formail -r' headers. I don't think too many other programs
use "References" and "In-Reply-To" without putting in an X-Mailer header.

X-Loop: biow(_at_)super(_dot_)zippo(_dot_)com

This one is a problem. It is obviously Biow's but since it doesn't
match the From: or Message-ID:, and since X-Loop alone is alright,
it will be hard to do something with this.

X-Loop: procmail(_at_)informatik(_dot_)rwth-aachen(_dot_)de

For dealing with them on the procmail list, I think the presence of
two x-loops plus the identical References: and In-Reply-To: might
work.

Now the body. The body scored 25 from my scoring script, which is
pretty bad -- anything above 10 I junk for normal mail. I haven't
been using the scores for sorting mail on this list though since
there is a lot of spammy stuff that is really just an analysis of
spam. (I'm going to look at the score this reply of mine gets before
considering applying scores to this list.)

This is my mail filter.

Blah, drivel. Useless.

Your mail either came from a "spam haven" site (a site with a
serious and ongoing problem with spamming), came from a site
which offers free email accounts (which spammers unfortunately
love and use often -- a more detailed explanation can be found

This has got some good stuff.

:0B
* 1^1 ()\/Your +(e?mail|message|letter)( +[a-z,-]+( +[a-z,-]+)?)? +(is|came) +\
  from +a +\<?(spam|U[CB]E).*site
* $ -2^1 ^>.*$MATCH
{ }
:0B
* $ $=^0
* 1^1 ()\/(free( +(e?mail|pop3?|drop.?box))? +accounts?.*(spam|U[CB]E)|\
           (spam|U[CB]E).*free( +(e?mail|pop3?|drop.?box))? +accounts?)
* $ -2^1 ^>.*$MATCH
{ }

below), or had headers which the filter's pattern matching tagged 
as probable spam, so my mail filter intercepted and deleted it.

:0B
* $ $=^0  
* 1^1 ()\/(probabl[ely]+|(look +)?like?(ly)?) +(spam|U[CB]E)
* $ -2^1 ^>.*$MATCH
{ }

If you are a bulk mailer, advertiser (commercial or political), or 

:0B
* $ $=^0
* 1^1 ()\/you +are +a +(bulk|mass) +(e?mail|spam|adverti[sz])er
* $ -2^1 ^>.*$MATCH
{ }

are sending any kind of "free offer", please remove this address
from your mailing list and go away.  I do not welcome unsolicited
advertising mail of any kind or for any purpose whatsoever.  
Please respect my privacy.

Drivel.

If you are not an advertiser, and are sending from a site which
is blocked in my filter, or if you have no idea what happened,

I'd try to match part of this, but I don't know how well that
$MATCH thing would work for folded lines. Actually, let's not worry
about it.

:0B
* $ $=^0
* 1^1 ()\/sites? +((which +)?(is|are)|(I +)?have) +blocked
* $ -2^1 ^>.*$MATCH
{ }

you can resend your mail and get past the filters by including the

Oo, I hate that one.

:0B
* $ $=^0
* 3^1 ()\/you +(can|may|should) +re(send|mail) +your +(e?mail|letter|message)
* $ -3^1 ^>.*$MATCH
{ }

password listed below on the Subject: line of your message.  But

:0B
* $ $=^0
* 2^1 ()\/(passw(or)?d.*subject\>+(line|header)|\
          subject\>+(line|header).*passw(or)?d)
* $ -3^1 ^>.*$MATCH
{ }

do this only if you have legitimate, personal business with me.
Any spammer foolish enough to use this password to spam me in 
clear violation of my stated wishes will regret it.

Drivel.

Thank you!

 
In this case, the filters spotted some typical spam phrases
in the body of your message.  Please use the password below
to get past this filter.

:0B
* $ $=^0
* 2^1 ()\/(passw(or)?d.*(get +(past|through)|bypass).*filter|\
           passw(or)?d.*filter.*(get +(past|through)|bypass)|\
           (get +(past|through)|bypass).*filter.*passw(or)?d|\
           (get +(past|through)|bypass).*passw(or)?d.*filter|\
           filter.*passw(or)?d.*(get +(past|through)|bypass)|\
           filter.*(get +(past|through)|bypass).*passw(or)?d)
* $ -3^1 ^>.*$MATCH 
{ }

 ********** The password is bypfilter. **********

[entire procmail digest message snipped]

PassWordBounceScore = $=

I'd probably 'formail -A' the score into the headers and tentatively
begin dropping mail that scored 4 or more.

Elijah
------
I /dev/null dupes, no need to CC list posts.  It is not my responsibility to
prove to you my mail is not spam, if mail to you bounces it will not be resent.
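
Added example, not part of the original message: a simplified Python model of the scoring scheme in the recipes above, run over four lines of the autoreply and over the same lines quoted with "> ", to show how the negative quoted-line weight keeps list discussion of the autoreply under the cut-off of 4. The names RULES, score_body and is_password_bounce are hypothetical; procmail's \< and \> are approximated with \W, and $MATCH is taken as the first matched phrase and treated as a literal.

```python
import re

# (weight, quoted_penalty, regex) adapted from four recipes in the message.
# procmail's \< and \> each consume one non-word character; \W stands in here.
RULES = [
    (1, -2, r"your +(e?mail|message|letter)( +[a-z,-]+( +[a-z,-]+)?)? +(is|came) +"
            r"from +a +\W?(spam|u[cb]e).*site"),
    (1, -2, r"(probabl[ely]+|(look +)?like?(ly)?) +(spam|u[cb]e)"),
    (3, -3, r"you +(can|may|should) +re(send|mail) +your +(e?mail|letter|message)"),
    (2, -3, r"passw(or)?d.*subject\W+(line|header)"),
]
THRESHOLD = 4  # the message's tentative cut-off: drop at 4 or more
FLAGS = re.I | re.M  # procmail matches case-insensitively; ^ anchors each line


def score_body(body):
    """Simplified model of the w^1 scoring: +weight per phrase match, then the
    (negative) penalty per quoted line that contains the first matched phrase."""
    total = 0
    for weight, penalty, pattern in RULES:
        hits = [m.group(0) for m in re.finditer(pattern, body, FLAGS)]
        if not hits:
            continue
        total += weight * len(hits)
        # Stand-in for "* $ -N^1 ^>.*$MATCH" (assumption: MATCH = first hit).
        quoted = re.findall(r"^>.*" + re.escape(hits[0]), body, FLAGS)
        total += penalty * len(quoted)
    return total


def is_password_bounce(body):
    """True when the body scores at or above the drop threshold."""
    return score_body(body) >= THRESHOLD


# Constructed sample: four lines of the autoreply quoted in the message.
AUTOREPLY = "\n".join([
    'Your mail either came from a "spam haven" site (a site with a',
    "as probable spam, so my mail filter intercepted and deleted it.",
    "you can resend your mail and get past the filters by including the",
    "password listed below on the Subject: line of your message.  But",
])
# Constructed sample: the same lines as a list member would quote them.
QUOTED = "\n".join("> " + line for line in AUTOREPLY.splitlines())

if __name__ == "__main__":
    print(score_body(AUTOREPLY), is_password_bounce(AUTOREPLY))
    print(score_body(QUOTED), is_password_bounce(QUOTED))
```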
