Chris Johnson wrote:
I realize this isn't a procmail question, but since people
using procmail are generally spam-conscious I thought I'd
bring this up here.
The question is: why would a spammer choose to send me spam
in this somewhat roundabout way?
To get around your spam filters.
I realize this isn't a procmail question...
Actually, it is<g>.
Also, this particular piece of spam had no Message-ID header.
As they say on Star Trek "WOOOOP,WOOOOP, RED ALERT". My
filter jumps all over that. (It also has code that rejects
email where my ISP's sendmail has "helpfully" inserted a
Message-ID: header locally.
:0f
* 2^0
* -1^0
^Message-Id:.*[<](_dot_)(_dot_)*(_at_)(_dot_)(_dot_)*\(_dot_)(_dot_)*[>]$
* -1^0 !^Message-Id:(.*$)+Message-Id:
| formail -A "X-Reject: Did not have exactly 1 Message-Id:"
What I thought was interesting about this particular piece
of spam was that it was injected directly from a Compuserve
dialup node to the machine listed as a backup in the MX
records for my domain.
More procmail fodder...
:0f
* 2^0 ^Received:.from.*\[(199\.174\.|206\.175\.|209\.154\.)
* -1^0 ^From:(_dot_)*(_at_)compuserve
* -1^0 ^Message-Id:(_dot_)*(_at_)compuserve
| formail -A "X-Reject: RFMS or relay launched from a CIS dialup"
For more procmail goodies, see my "SpamDunk Project" webpage
(URL below).
--
Walter Dnes <waltdnes(_at_)interlog(_dot_)com> procmail spamfilter
http://www.interlog.com/~waltdnes/spamdunk/spamdunk.htm
Why a fiscal conservative opposes Toronto 2008 OWE-lympics
http://www.interlog.com/~waltdnes/owe-lympics/owe-lympics.htm