procmail

Re: Spammer-slammer algorithm

1997-10-23 01:01:45
On Wed, 22 Oct 1997 18:26:17 -0400, Walter Dnes
<waltdnes(_at_)interlog(_dot_)com> wrote:
> blacklist-keepers out there, you can earn netizens' gratitude
> by keeping lists of spammers' IP address blocks, as well as
> domain names.

Of course, you could save a lot of aggravation by rejecting SMTP
connects from these slime domains. This won't protect you from relayed
spam, though, so there's still room for Procmail filtering (until
everyone starts rejecting those slimeballs on the router level; it's a
miracle it hasn't happened already).

>     That's where my "Spammer Slammer" algorithm comes in.
> I've included 5 sample spammer domains, and show how they can
> be filtered.  If you check the header of an email message to
> you, the sending machine's IP address is in a "Received: from"
> header.  Note that a message can be passed around via one or

Not necessarily. As filters get better, more spammers will learn to
seek out relay hosts which don't do this sort of logging. There must
be thousands of simple open SMTP servers out there running on
autopilot and with no incentive at all to upgrade, until they get used
in a big-time spam relay (and perhaps even then with very little
incentive to prevent it from happening again, if they're running on a
Mac Plus or whatever). 

> :0Hi
> * !^(From|Reply-To):.*(interlog.com|mapinfo|majordom|csl.sri.com|autoreply)
> * !^(To|Cc|Bcc):.*(waltdnes|mapinfo|csl.sri.com)
> * !^To:.*reform-online
> * !^To:.*procmail.Informatik.RWTH.Aachen.DE
> {

Both the flags on this recipe are redundant. You could collapse and
optimize the regexes a bit, too, but I don't suppose that is very
important here.

> LOG=////////////////////////////////////////
>        :0hi
>        |grep . >> $LOGFILE
> }

This could be written simply as

    # You probably want a newline after the bunch of slashes
    LOG="////////////////////////////////////////
"
    :0h  # Procmail won't care if you lock the log, so we don't
    $LOGFILE

although I would personally just save the entire spam to a folder
outside of my quota and complain loudly when I have the time.

>     Also, does the at-sign "@", have to be escaped with a
> backslash, or is it not a special character?

It is not special.

/* era */

-- 
 Paparazzi of the Net: No matter what you do to protect your privacy,
  they'll hunt you down and spam you. <http://www.iki.fi/~era/spam/>
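
The check discussed in this thread (match the peer address in each "Received: from" header against blocked IP blocks, and notice relay hops that recorded no address at all), as an added Python example that is not part of the original message. The blocklist, host names, function names and sample messages are all constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed blocklist: RFC 5737 documentation ranges stand in for spammer blocks.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "203.0.113.64/26")]
# Peer address as MTAs commonly log it: an IPv4 literal inside [] or ().
PEER_IP = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def hop_addresses(raw):
    """One list of peer addresses per Received: header, newest hop first."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        addrs = []
        for text in PEER_IP.findall(value):
            try:
                addrs.append(ipaddress.ip_address(text))
            except ValueError:
                pass  # e.g. 999.1.1.1: shaped like an address, is not one
        hops.append(addrs)
    return hops

def classify(raw):
    """'blocked', 'unlogged' (some hop recorded no peer address) or 'clean'."""
    hops = hop_addresses(raw)
    if any(a in net for hop in hops for a in hop for net in BLOCKED_NETS):
        return "blocked"
    if not hops or any(not hop for hop in hops):
        return "unlogged"  # the relay did not log where the message came from
    return "clean"

def message(*received):
    """Build a constructed sample message carrying the given Received: values."""
    lines = ["Received: " + r for r in received]
    return "\n".join(lines + ["From: sender@example.net", "Subject: sample", "", "body"])

STAMP = "\n\tby mx.example.org with SMTP; Thu, 23 Oct 1997 01:00:00 +0000"
DIRECT = message("from mail.example.net (mail.example.net [192.0.2.25])" + STAMP)
RELAYED = message(
    "from relay.example.com (relay.example.com [198.51.100.7])" + STAMP,
    "from unknown by relay.example.com; Thu, 23 Oct 1997 00:59:30 +0000")
CLEAN = message("from mail.example.com (mail.example.com [198.51.100.9])" + STAMP)

if __name__ == "__main__":
    for name, raw in (("direct", DIRECT), ("relayed", RELAYED), ("clean", CLEAN)):
        print(name, classify(raw))
```

Only the Received: lines added by your own mail server are trustworthy; anything below them was supplied by the sending side.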
