Professional Software Engineering wrote:
if the Message-ID doesn't contain the proper domain,
then the message is dumped as a spam:
This template is duplicated and modified as appropriate for
each of the individual domains:
If the message appears to be FROM a Juno account, yet the
Message-ID does > not contain juno.com, it is forged (though,
it might be someone sending a message as if from their juno
account - but I don't much care).
Any recommendations for improvements? How about sample
headers from other mail services similar to juno and hotmail?
My recommendation... rather than umpteen variants to handle
umpteen different mail services, how about one generalized
version. I'm still hazy about $MATCH, but here's a possible
algorithm...
1) match the first whole-word (including punctuation) after
the "@" on the "From: " header. E.g. from
"From: someone(_at_)some(_dot_)isp(_dot_)com (someone)" extract "some.isp.com"
2) look for MATCH ("some.isp.com") in *BOTH* the message ID
and the "Received: " headers. If not found in both, it's
probably junk.
I don't know how to capture the "some.isp.com" portion, but
if it's do-able, then...
########################################################
:0 :mymail.lock
* match the whole-word after the @ in the "From: " line
*$ ^Message-ID:.*$MATCH
*$ ^Received:.*$MATCH
$DEFAULT
LOG="SPAM: forged $MATCH$TWITVER"
:0:
|gzip -9fc>>$MAILDIR/twits.gz
########################################################
Note that I reverse your logic and deliver to $DEFAULT
if matched, otherwise pass to the next recipie. I could
do it your way, but I would have to have two separate
recipies with nested statements. The one limitation of my
way is that it has to be the last test applied.
--
Walter Dnes (Toronto)
<waltdnes(_at_)interlog(_dot_)com>