On Sat, 3 Jan 1998, David Hill wrote:
As a follow up to this thread....
here are some recipies I use for spam whacking, the first of
which is an "aol" cleaner. This cleaner checks for a valid aol login and
also if it came though aol. Any that get past this
test get forwarded to abuse(_at_)aol(_dot_)com(_dot_)
It looks like you could use some junkfilter. :) Take a look:
http://www.pobox.com/~gsutter/junkmail/
time lately trying to nuke spam than it would have taken me to
just hit that delete key :-)
Ooh, me too. :) I think I spend 100x as long!
:0 H
* (emailer platinum|E-Broadcaster|authenticated sender)
./lists/spam
That "authenticated sender" seems to be a very good indicator
of spam.
It is, but you must be careful. Pegasus mailer uses that header.
Here's the full check for it:
# Pegasus mailer is the only mailer which legitimately generates
# "Comments: Authenticated sender is ..." so kill anything else.
:0
* ^Comments:.*Authenticated sender
* !^X-Mailer:.*Pegasus Mail
* !^Resent-To:
* !^Return-Path:.*owner-
{ SPAMMER="forged Pegasus auth" }
Here's my "bad mailer" list:
# junk mail / mail bomb software
:0D
*
()\/^(Received|Message-Id|X-(Mail|Send)(er)?):.*(Aristotle|Avalanche|Blaster|Bomber|bulk_mailer|DejaVu|E-Broadcaster|Emailer
Platinum|eMarksman|eMerge|Extractor|e-Merge|Floodgate|from
stealth|fusion|GeoList|Global Messenger|Group|List-X|M
ach10|Mailcast|Match10|MassE-Mail|massmail\.pl|MegaPro|NetContact|NetMailer|News
Breaker|Powermailer|Quick Shot|RAF|Ready Aim
Fire|RIME|Sonic|Stalker|TURBO|WindoZ|WinNT\'s Blat|WorldMerge|Yourdora)(^\.)
{ SPAMMER="junkmail software: $MATCH" }
G'luck!
Regards,
GReg
--
Gregory S. Sutter "How do I read this file?"
mailto:gsutter(_at_)pobox(_dot_)com "You uudecode it."
http://www.pobox.com/~gsutter/ "I I I decode it?"