A *SPECIAL* favourite just for this list<g>. Because I
shouldn't have to type in the Reply address manually. This
one re-writes the "Reply-To:" address. I have a similar one
for another mailing list that is similarly (mis)configured...
:0 fhw
* ^Resent-Sender: procmail-request(_at_)Informatik\(_dot_)RWTH-Aachen\(_dot_)DE
* !^Reply-To:(_dot_)procmail(_at_)Informatik\(_dot_)RWTH-Aachen\(_dot_)DE
| formail -i "Reply-To: procmail(_at_)informatik(_dot_)RWTH-Aachen(_dot_)DE"
=============================================================
The workhorse that still captures 90%+ of spam I trap. At
the beginning of my .procmailrc, I divert mailing lists and
define variable MYISP. Interlog owns both interlog.com and
interlog.net domains...
MYISP="interlog\.(com|net)"
:0
*$!^(Sender|From|Reply-To):.*$MYISP
*$!^(Apparently.*|To|Cc):(_dot_)*$LOGNAME(_at_)$MYISP
DIAGNOSTIC="///////////////////// Not addressed to me"
{
:0:
| echo $DIAGNOSTIC>>junkmail ; cat - >>junkmail
}
=============================================================
The following traps various 1-liner conditions and does the
equivalent of a bitwise-OR to a status flag. The diagnostic
message lets me know which test(s) trapped the email.
:0
* 1^0 ^(Date|Subject|Reply-To):(.*$)+Received:
* 2^0 ^Received:.from.*.\(\[.*.by.(.*$)+Received:
* 4^0 from.*.ix.netcom.com
* 8^0 ^X\-Advertisement:
* 16^0 ^X\-UIDL:
* 32^0 ^Recieved:.from.*( EHLO | IDENT\-NOT\-QUERIED)
* 64^0 ^Received:.from.*\[208\.26\.102\.
* 128^0 ^From:(_dot_)*(_at_)yahoo(_dot_)com
{
CODE=$=
DIAGNOSTIC="///////////////////// Miscellaneous filter
1 => Possible forged _Received: from_ line
2 => Machine name absent
4 => from .ix.netcom.com
8 => X-Advertisement:
16 => Invalid X-UIDL
32 => Possible server hi-jacking
64 => Harris Marketing
128 => Email from yahoo.com
CODE = $="
:0:
| echo $DIAGNOSTIC>>junkmail ; cat - >>junkmail
}
--
Walter Dnes (Toronto)
<waltdnes(_at_)interlog(_dot_)com>