At 02:47 AM 1/2/98 -0600, Christopher P. Lindsey wrote:
My recommendation... rather than umpteen variants to handle
umpteen different mail services, how about one generalized
version. I'm still hazy about $MATCH, but here's a possible
algorithm...
(note: I have yet to see this particular message followup via the list,
though I hope to see it soon)
There are many mail services - but only a handful of them have a track
record of being WIDELY used for spam.
I should also note that someone else had posted to this list some time back
about matching from domains to message-id domain portions - but there
were/are too many technical issues with that - here, I mentioned the
application of this for Juno-type mail specifically because of the known
spam problems being FORGED from that domain.
I agree -- making this more extensible would be a Good Thing. Here's
a possibility using $MATCH:
:0:
* ^From: [^@]+@\/[^ ]+[ ]+
* !^(Received|Message-Id):.*$MATCH
couldbespam
As you noted below, this From match is too generic - this sort of rule
would suspect too many messages as potential spam (for instance, many
people with virtual domain services - their FROM contains their registered
domain, but the message-id is likely to contain the domain of their host
ISP). My offering was specific to the spam-prone addresses of Juno and
Hotmail (and some others), knowing that currently there are many people
doing simple trashcan filters on these domains.
(Not that I have a problem with trashcanning domains - I've got a heckuva
list of domains I now trashcan)
What procmail does is take whatever is to the right of "\/" in the
regular expression and set it to $MATCH. So in the above recipe,
it pulls everything that's to the right of the first @ sign up
to the next space, which ends up being the hostname/domain name.
How about:
:0:
* ^From: [^@]+@\/(juno\.com|hotmail\.com|prodigy\.com|prodigy\.net)
* !^(Received|Message-Id):.*$MATCH
couldbespam
(I haven't the slightest if this will work with $MATCH properly though)
Addition of the received header is interesting, but I wonder how that would
affect suspect mails in general?
---
Please DO NOT carbon me on list replies. I'll get my copy from the list.
Sean B. Straw / Professional Software Engineering
Post Box 2395 / San Rafael, CA 94912-2395
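
The check discussed in this message, modelled in Python as an added example (not code from the thread or from procmail): it flags a message when the From: domain does not appear in any Received: or Message-Id: header, with and without the restriction to the listed spam-prone domains. The function names, the `restrict` switch and the three sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Domains the thread names as frequently forged; the list is from the recipe above.
SPAM_PRONE = {"juno.com", "hotmail.com", "prodigy.com", "prodigy.net"}

def from_domain(msg):
    """Lowercased domain of the From: address, or None if there is none."""
    m = re.search(r"@([A-Za-z0-9.-]+)", msg.get("From", ""))
    return m.group(1).lower().rstrip(".") if m else None

def domain_in_trace(msg, domain):
    """True if domain appears as a host or parent domain in Received:/Message-Id:."""
    # re.escape keeps the dots literal (an unescaped "." in a regex matches any
    # character); the lookarounds reject "notjuno.com" and "juno.com.example".
    pat = re.compile(r"(?<![A-Za-z0-9-])" + re.escape(domain)
                     + r"(?![A-Za-z0-9-]|\.[A-Za-z0-9])", re.I)
    trace = (msg.get_all("Received") or []) + (msg.get_all("Message-Id") or [])
    return any(pat.search(h) for h in trace)

def could_be_spam(raw, restrict=True):
    """restrict=True checks only SPAM_PRONE senders; False checks every sender."""
    msg = message_from_string(raw)
    dom = from_domain(msg)
    if dom is None or (restrict and dom not in SPAM_PRONE):
        return False
    return not domain_in_trace(msg, dom)

def make(frm, relay, msgid_host):  # builds a constructed sample message
    return (f"Received: from {relay} ({relay} [192.0.2.10]) by mx.example.org\n"
            f"Message-Id: <19980102.0001@{msgid_host}>\n"
            f"From: {frm}\nSubject: test\n\nbody\n")

FORGED = make("someone@juno.com", "relay.example.net", "relay.example.net")
GENUINE = make("someone@juno.com", "m4.juno.com", "m4.juno.com")
VIRTUAL = make("Owner <owner@smallbiz.example>", "mail.isp.example", "mail.isp.example")

if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("genuine", GENUINE), ("virtual", VIRTUAL)):
        print(name, could_be_spam(raw), could_be_spam(raw, restrict=False))
```

The virtual-domain sample is flagged only when the check is unrestricted, which is the false positive described above for senders whose From: domain differs from their ISP's mail hosts.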